Analysis
max time kernel: 132s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-01-2024 05:19
Behavioral task: behavioral1
Sample: 55997e2d010dbe60889fb3fc0744e08c.exe
Resource: win7-20231215-en (windows7-x64)
7 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 55997e2d010dbe60889fb3fc0744e08c.exe
Resource: win10v2004-20231222-en (windows10-2004-x64)
6 signatures, 150 seconds
General
Target: 55997e2d010dbe60889fb3fc0744e08c.exe
Size: 5.8MB
MD5: 55997e2d010dbe60889fb3fc0744e08c
SHA1: 0f1e6a4fb09127c987eb4ce6f85f07bcb3c8be56
SHA256: 92a88e4977a3e6821b49e433ad58e8024f5c3275f43c8d94de2744c028334890
SHA512: f2f95b632e15854e148851f0aaf6dbeaaeba9169704a56da5a02703201109b679a8fcb362eb03ba46c0802239d5361c31c6fc724d94d39e1dc9934cd868a1bc9
SSDEEP: 98304:SPBP6yVC5LeQxlYHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwk6:SJSyVC5Lecl6auq1jI86FA7y2auq1jIH
Score: 7/10
Malware Config

Signatures
Deletes itself (1 IoC)
  PID 1484  55997e2d010dbe60889fb3fc0744e08c.exe
Executes dropped EXE (1 IoC)
  PID 1484  55997e2d010dbe60889fb3fc0744e08c.exe
YARA rule match: upx
  resource: behavioral2/memory/1820-0-0x0000000000400000-0x00000000008EF000-memory.dmp
  resource: behavioral2/memory/1484-14-0x0000000000400000-0x00000000008EF000-memory.dmp
Suspicious behavior: RenamesItself (1 IoC)
  PID 1820  55997e2d010dbe60889fb3fc0744e08c.exe
Suspicious use of UnmapMainImage (2 IoCs)
  PID 1820  55997e2d010dbe60889fb3fc0744e08c.exe
  PID 1484  55997e2d010dbe60889fb3fc0744e08c.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process                               procid_target
  PID 1820 wrote to memory of 1484  1820  55997e2d010dbe60889fb3fc0744e08c.exe  19
  PID 1820 wrote to memory of 1484  1820  55997e2d010dbe60889fb3fc0744e08c.exe  19
  PID 1820 wrote to memory of 1484  1820  55997e2d010dbe60889fb3fc0744e08c.exe  19
Processes
1. C:\Users\Admin\AppData\Local\Temp\55997e2d010dbe60889fb3fc0744e08c.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\55997e2d010dbe60889fb3fc0744e08c.exe"
   PID: 1820
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\55997e2d010dbe60889fb3fc0744e08c.exe (child of PID 1820)
      Command line: C:\Users\Admin\AppData\Local\Temp\55997e2d010dbe60889fb3fc0744e08c.exe
      PID: 1484
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage