b4e7693eea8470e59c908c859b732ef194ff938980ec6485d490c21c79fafea6

Analysis

max time kernel
152s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

550797f1c8ee7fcd3818d5ee9cdbdb1b.exe
Size

385KB
MD5

550797f1c8ee7fcd3818d5ee9cdbdb1b
SHA1

6dd3eec632a8c429dec08436140aaddeb435dbaf
SHA256

b4e7693eea8470e59c908c859b732ef194ff938980ec6485d490c21c79fafea6
SHA512

ed4944821e9471c22e0fc1d1e831858fd432b9c26033e7d35a208f666253d43c8e8579f271aad8425079c2be38366e720fb63b2ded04cd0fd448eeac6208a94c
SSDEEP

12288:D0A+GOZXKNs25XBsQ8qEgG9w4XrTDP/eYqZ7gs0JMTwIYeiYynHB:Dkt1KTjD8trt3jffB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
224	550797f1c8ee7fcd3818d5ee9cdbdb1b.exe

Executes dropped EXE 1 IoCs

pid	Process
224	550797f1c8ee7fcd3818d5ee9cdbdb1b.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4604	550797f1c8ee7fcd3818d5ee9cdbdb1b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4604	550797f1c8ee7fcd3818d5ee9cdbdb1b.exe
224	550797f1c8ee7fcd3818d5ee9cdbdb1b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 224	4604	550797f1c8ee7fcd3818d5ee9cdbdb1b.exe	88
PID 4604 wrote to memory of 224	4604	550797f1c8ee7fcd3818d5ee9cdbdb1b.exe	88
PID 4604 wrote to memory of 224	4604	550797f1c8ee7fcd3818d5ee9cdbdb1b.exe	88

C:\Users\Admin\AppData\Local\Temp\550797f1c8ee7fcd3818d5ee9cdbdb1b.exe
"C:\Users\Admin\AppData\Local\Temp\550797f1c8ee7fcd3818d5ee9cdbdb1b.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Users\Admin\AppData\Local\Temp\550797f1c8ee7fcd3818d5ee9cdbdb1b.exe
  C:\Users\Admin\AppData\Local\Temp\550797f1c8ee7fcd3818d5ee9cdbdb1b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\550797f1c8ee7fcd3818d5ee9cdbdb1b.exe

Filesize
385KB

MD5
126462d55cb5b9d064d6b5528fb97b34

SHA1
ddf12964f53341aff41e5d3b1b85ca1f9796c0cf

SHA256
9e242b3f15d93a3cd02fc5aa9720e9fcad54702e999aaad77ab919a2a17e3de0

SHA512
1f8b13518a761389b7eafc3ccef859bdd0e19ff4cf8b037be0d5abc26d6fcda8a24d4360b16761695d844e1dea3fcbc6031a5a72d6c385a313f5bbd8756ea11d

Download Submit
memory/224-13-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/224-15-0x0000000001470000-0x00000000014D6000-memory.dmp

Filesize
408KB

Download
memory/224-20-0x0000000004ED0000-0x0000000004F2F000-memory.dmp

Filesize
380KB

Download
memory/224-21-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/224-30-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/224-34-0x000000000B600000-0x000000000B63C000-memory.dmp

Filesize
240KB

Download
memory/224-36-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4604-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4604-1-0x00000000014D0000-0x0000000001536000-memory.dmp

Filesize
408KB

Download
memory/4604-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4604-11-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download