Analysis
-
max time kernel
122s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system -
submitted
14/01/2024, 11:01
Behavioral task
behavioral1
Sample
5b1170fd534bb85ae72a7e36675ca94e.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
5b1170fd534bb85ae72a7e36675ca94e.exe
Resource
win10v2004-20231215-en
General
-
Target
5b1170fd534bb85ae72a7e36675ca94e.exe
-
Size
5.8MB
-
MD5
5b1170fd534bb85ae72a7e36675ca94e
-
SHA1
faf8984114d756d40c0eabd3affd46a78e5dfe29
-
SHA256
fb41d97640d9221ff05bc607a06914a8a0a23fff900379913ddbf47de5363b01
-
SHA512
a42cdee98a7f0564a14077ce5daa7d550326f12558069b82b7d4de7fd20a43762d5495ebd12766d33af49a0f91f70bb294e56c7f56d84b03c66d1f4ee7571581
-
SSDEEP
98304:g2vTn7BUb2mN64HBUCczzM30z9GZJ0sWzV8Pe4HBUCczzM3:gCfoZWCKg+jVOWC
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2292 5b1170fd534bb85ae72a7e36675ca94e.exe -
Executes dropped EXE 1 IoCs
pid Process 2292 5b1170fd534bb85ae72a7e36675ca94e.exe -
Loads dropped DLL 1 IoCs
pid Process 2100 5b1170fd534bb85ae72a7e36675ca94e.exe -
resource yara_rule
behavioral1/memory/2100-2-0x0000000000400000-0x00000000008EF000-memory.dmp upx
behavioral1/memory/2292-15-0x0000000000400000-0x00000000008EF000-memory.dmp upx
behavioral1/files/0x000c000000015c26-13.dat upx
behavioral1/files/0x000c000000015c26-10.dat upx -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2100 5b1170fd534bb85ae72a7e36675ca94e.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 2100 5b1170fd534bb85ae72a7e36675ca94e.exe 2292 5b1170fd534bb85ae72a7e36675ca94e.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2100 wrote to memory of 2292 2100 5b1170fd534bb85ae72a7e36675ca94e.exe 28
PID 2100 wrote to memory of 2292 2100 5b1170fd534bb85ae72a7e36675ca94e.exe 28
PID 2100 wrote to memory of 2292 2100 5b1170fd534bb85ae72a7e36675ca94e.exe 28
PID 2100 wrote to memory of 2292 2100 5b1170fd534bb85ae72a7e36675ca94e.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\5b1170fd534bb85ae72a7e36675ca94e.exe
"C:\Users\Admin\AppData\Local\Temp\5b1170fd534bb85ae72a7e36675ca94e.exe"
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2100 -
C:\Users\Admin\AppData\Local\Temp\5b1170fd534bb85ae72a7e36675ca94e.exe
C:\Users\Admin\AppData\Local\Temp\5b1170fd534bb85ae72a7e36675ca94e.exe
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2292
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
294KB
MD5 753f9d9d7c3bdd9a36c31b9c3f04355e
SHA1 4e8418f04e45f0bd002932a7b7cdbbdf045182f9
SHA256 3609e887e9784c7287cc7c0c90862ccf2a8ff1b5b882b173e109780c7fbac281
SHA512 54302c1935c334d6d41ebb1b858dcf88d6da3add20123fabd1a658df8c3f518e2f450b20ebb260dcdf494df5f037d414f5d5975621f94aed7fff8037c4036913
-
Filesize
412KB
MD5 abf5167b1889bc783558f3d7d851ac5a
SHA1 ae5c15d9643ca669258c07c3575d246df62fbde9
SHA256 73c783be59b7c28df9824791136053df8082933a51dfdf90fda5431b41249a85
SHA512 00968bcc857147f0e09c17ef62abdcd937c96c4d5ec4972a82d6094c470a1643074e2e6d3f86da0f77a39475313ba4158bb33838c87a19dcc2f10b7f7a20ab9b