Analysis
-
max time kernel
149s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
12/01/2024, 04:29
Behavioral task
behavioral1
Sample
557eca26eade7b8029019eb216314556.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
557eca26eade7b8029019eb216314556.exe
Resource
win10v2004-20231215-en
General
-
Target
557eca26eade7b8029019eb216314556.exe
-
Size
1.3MB
-
MD5
557eca26eade7b8029019eb216314556
-
SHA1
5005a27b60ed7dfac758840b83f4edd696451086
-
SHA256
fca255f97e3984b5a29ca8bfa91e1e4573d3dc37003fa83825c543fe0be8f23e
-
SHA512
8467521c589b57b88f10aca8d38e1c0a1394a570e02f5e170d37c70b4ff589db62203cdae6214419806a83e41b330afbf9d5034130f0567bf096870f5209a0aa
-
SSDEEP
24576:t+WZ0TJRl67zOXVArWi6J5xzmJGcpt5DW8yVrQbLwdOVjtDvgjGPFkH+UhhTffxG:0WZ0FL67zcArW9PkptZWdubsdJuTShTY
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 3380 557eca26eade7b8029019eb216314556.exe -
Executes dropped EXE 1 IoCs
pid Process 3380 557eca26eade7b8029019eb216314556.exe -
resource yara_rule
behavioral2/memory/1988-0-0x0000000000400000-0x00000000008E7000-memory.dmp upx
behavioral2/files/0x0006000000023116-11.dat upx
behavioral2/memory/3380-13-0x0000000000400000-0x00000000008E7000-memory.dmp upx -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 1988 557eca26eade7b8029019eb216314556.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process
1988 557eca26eade7b8029019eb216314556.exe
3380 557eca26eade7b8029019eb216314556.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 1988 wrote to memory of 3380 1988 557eca26eade7b8029019eb216314556.exe 90
PID 1988 wrote to memory of 3380 1988 557eca26eade7b8029019eb216314556.exe 90
PID 1988 wrote to memory of 3380 1988 557eca26eade7b8029019eb216314556.exe 90
Processes
-
C:\Users\Admin\AppData\Local\Temp\557eca26eade7b8029019eb216314556.exe "C:\Users\Admin\AppData\Local\Temp\557eca26eade7b8029019eb216314556.exe" 1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1988 -
C:\Users\Admin\AppData\Local\Temp\557eca26eade7b8029019eb216314556.exe C:\Users\Admin\AppData\Local\Temp\557eca26eade7b8029019eb216314556.exe 2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:3380
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
1.3MB
MD5 ebb88a7a51604b3797ce0c5d0e96e3fd
SHA1 eb42f78f38197e2ceb051d0ba3241857dc0b142f
SHA256 c97e884e7d548be79bc08704052695421ce29292182ef9db4b5ae0374d2041b1
SHA512 54c76cfb491c4873642909c3b6e1d012fe683d4170ea4438477f8ebbfb16e294e2f8027130854919bd95d68dacff25fea51b692854b90ad862ba1e4c18cb9124