Analysis
max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/01/2024, 20:57
Static task: static1
Behavioral task: behavioral1
  Sample: 59651299a440700c2aac29ff98182cf8.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 59651299a440700c2aac29ff98182cf8.exe
  Resource: win10v2004-20231215-en
General
Target: 59651299a440700c2aac29ff98182cf8.exe
Size: 907KB
MD5: 59651299a440700c2aac29ff98182cf8
SHA1: 0068f715a68fa1355d82f705aedab288004be970
SHA256: 7a553f600b66cec9f25489890bec7c310950de1f188b4a6b646c2929e09f5fc1
SHA512: 9e1376623e291d532027b4ddbb3dd325c482a0fc3e617b94be6e2b714364f909b85261bb9922182a9b56351f0f2d3c309ebd06a80847ba598258fb1bb4f326f3
SSDEEP: 24576:Aqq4/mqaIVKdVgX0n/Uv85Zok6DAiQG1/jwI/a/ZS1:Vbe2VKdVMw/Uv85mtdQGRjr/gS
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid 3952  Process 59651299a440700c2aac29ff98182cf8.exe
Executes dropped EXE (1 IoCs)
  pid 3952  Process 59651299a440700c2aac29ff98182cf8.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
Suspicious behavior: RenamesItself (1 IoCs)
  pid 4144  Process 59651299a440700c2aac29ff98182cf8.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 4144  Process 59651299a440700c2aac29ff98182cf8.exe
  pid 3952  Process 59651299a440700c2aac29ff98182cf8.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4144 wrote to memory of 3952  pid 4144  Process 59651299a440700c2aac29ff98182cf8.exe  procid_target 90
  description: PID 4144 wrote to memory of 3952  pid 4144  Process 59651299a440700c2aac29ff98182cf8.exe  procid_target 90
  description: PID 4144 wrote to memory of 3952  pid 4144  Process 59651299a440700c2aac29ff98182cf8.exe  procid_target 90
Processes
C:\Users\Admin\AppData\Local\Temp\59651299a440700c2aac29ff98182cf8.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\59651299a440700c2aac29ff98182cf8.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID: 4144
  Child process: C:\Users\Admin\AppData\Local\Temp\59651299a440700c2aac29ff98182cf8.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\59651299a440700c2aac29ff98182cf8.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
    PID: 3952
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 147KB
MD5: 89941da9d3f1656531fbaab4de077bb0
SHA1: 9375c8ef6f14f0d585834aaec573165c1f1e8655
SHA256: dcd5513cca7384370319c1794f215749ef1dd0dff637fda2b53d901a8db767fe
SHA512: edd12a77080ac4fde37d101a609e2c2d2b3fe7a612b4932034f85ba321f5640825ff89b4b25760a02c1ce12388f4ec4765e3d9f5a78819da2f5990e9565156f0