1ac0f64e9d7a79d245aa9eddd1a75df106d28af2846c68ae5831ed2fd20487c7

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 13:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

53a45c691bc714650f286ee6f3409335.exe
Size

1.6MB
MD5

53a45c691bc714650f286ee6f3409335
SHA1

b24fd548e07aa6eb321282b8a5a9a28c5d665914
SHA256

1ac0f64e9d7a79d245aa9eddd1a75df106d28af2846c68ae5831ed2fd20487c7
SHA512

82fa8cb33ea2ad2bcb1e9ed2c53cdb93a23f5404c3570cdfea1c1ecba757c8651ce6507f63804a7c9591daf8dbdb29a0f07f5ae4ce56ba06b5402105a22e3d8d
SSDEEP

24576:5QwJ4RvFieEB2qHxDMjO6V7+V/IkG4H/9Dah0AC1sDWMY0gYGoYYVMbQ:V6RvFFEBSjFZ+VPGWF80AC1mt26tMc

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2372	53a45c691bc714650f286ee6f3409335.exe

Executes dropped EXE 1 IoCs

pid	Process
2372	53a45c691bc714650f286ee6f3409335.exe

Loads dropped DLL 1 IoCs

pid	Process
1388	53a45c691bc714650f286ee6f3409335.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1388	53a45c691bc714650f286ee6f3409335.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1388	53a45c691bc714650f286ee6f3409335.exe
2372	53a45c691bc714650f286ee6f3409335.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 2372	1388	53a45c691bc714650f286ee6f3409335.exe	28
PID 1388 wrote to memory of 2372	1388	53a45c691bc714650f286ee6f3409335.exe	28
PID 1388 wrote to memory of 2372	1388	53a45c691bc714650f286ee6f3409335.exe	28
PID 1388 wrote to memory of 2372	1388	53a45c691bc714650f286ee6f3409335.exe	28

C:\Users\Admin\AppData\Local\Temp\53a45c691bc714650f286ee6f3409335.exe
"C:\Users\Admin\AppData\Local\Temp\53a45c691bc714650f286ee6f3409335.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Users\Admin\AppData\Local\Temp\53a45c691bc714650f286ee6f3409335.exe
  C:\Users\Admin\AppData\Local\Temp\53a45c691bc714650f286ee6f3409335.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\53a45c691bc714650f286ee6f3409335.exe

Filesize
893KB

MD5
c9960c0758018fd5cebc10467c51a22d

SHA1
04a587bc0e15cd8353dfbe6e730da098698635bb

SHA256
a096a8b58a2bc3d362b8fd82d8736314d74a7a09393125222574ef1febbc2f4f

SHA512
6331b33381bc53bfa99768a19cf0811cd584a880fca4837908c0f466fae0350c3de92531f09c338a63943e65ab25118c56e314f5f5afa76fcd852506b12cac32

Download Submit
\Users\Admin\AppData\Local\Temp\53a45c691bc714650f286ee6f3409335.exe

Filesize
92KB

MD5
c9c714b58bcb9bb232cbe09f280fae92

SHA1
9945f1082d5ec75552ab56085f82f8945d544653

SHA256
7d9002320868c391d63897bad9ff83748f0890f3ec66d784ec5bf1a3a49e3fd3

SHA512
1f29e4539369a4d38d6b88a7b290586cf255248ce84f0aa7a5fec3bb81c61e8e34c56e3d145e56338b53e87274aa733b73c497889316058e68cefa8daec282c0

Download Submit
memory/1388-0-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/1388-1-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/1388-2-0x0000000001D30000-0x00000000021A7000-memory.dmp

Filesize
4.5MB

Download
memory/1388-15-0x0000000003C50000-0x00000000040C7000-memory.dmp

Filesize
4.5MB

Download
memory/1388-13-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/2372-16-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/2372-18-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/2372-23-0x0000000000400000-0x0000000000640000-memory.dmp

Filesize
2.2MB

Download
memory/2372-26-0x0000000003720000-0x000000000396D000-memory.dmp

Filesize
2.3MB

Download
memory/2372-20-0x0000000001AD0000-0x0000000001F47000-memory.dmp

Filesize
4.5MB

Download