Analysis
- max time kernel: 122s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18-01-2024 12:45
Behavioral task: behavioral1
- Sample: 65676f55a7e69be09c3cfcf9431f2b4b.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 65676f55a7e69be09c3cfcf9431f2b4b.exe
- Resource: win10v2004-20231215-en
General
- Target: 65676f55a7e69be09c3cfcf9431f2b4b.exe
- Size: 2.7MB
- MD5: 65676f55a7e69be09c3cfcf9431f2b4b
- SHA1: 1e0304627c272f6c36a40f0c78571c6120d3daba
- SHA256: 5fc45f9d446cf5dd8dcc7553e5762acff61a6868a42e00c6a840f6d9dcccf727
- SHA512: eb5accffa74c4d446f7f11d174cc638c5118684b19484c08754f54e8bb163152178e8013b9ed5aea3cad73fffab148288af5f044ed3eb7760cd41be56b2f6696
- SSDEEP: 49152:8Mhi/PJhXmeSEqEZQIOvnbplhselm+ro2AAZ+4lRzws7qQvxTAemaQkjO8dCRf:8Mhi/PJhWTMVQnbpDlNfZzJws7qcxGkI
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid   Process
  2668  65676f55a7e69be09c3cfcf9431f2b4b.exe
- Executes dropped EXE (1 IoCs)
  pid   Process
  2668  65676f55a7e69be09c3cfcf9431f2b4b.exe
- yara_rule matches
  resource                                                                    yara_rule
  behavioral2/memory/5104-0-0x0000000000400000-0x00000000008EF000-memory.dmp   upx
  behavioral2/memory/2668-13-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral2/files/0x000700000002304b-11.dat                                  upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  5104  65676f55a7e69be09c3cfcf9431f2b4b.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  5104  65676f55a7e69be09c3cfcf9431f2b4b.exe
  2668  65676f55a7e69be09c3cfcf9431f2b4b.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                          pid   Process                               procid_target
  PID 5104 wrote to memory of 2668     5104  65676f55a7e69be09c3cfcf9431f2b4b.exe  20
  PID 5104 wrote to memory of 2668     5104  65676f55a7e69be09c3cfcf9431f2b4b.exe  20
  PID 5104 wrote to memory of 2668     5104  65676f55a7e69be09c3cfcf9431f2b4b.exe  20
Processes
1. C:\Users\Admin\AppData\Local\Temp\65676f55a7e69be09c3cfcf9431f2b4b.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\65676f55a7e69be09c3cfcf9431f2b4b.exe"
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   PID: 5104
   2. C:\Users\Admin\AppData\Local\Temp\65676f55a7e69be09c3cfcf9431f2b4b.exe (child of PID 5104)
      Command line: C:\Users\Admin\AppData\Local\Temp\65676f55a7e69be09c3cfcf9431f2b4b.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
      PID: 2668
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 290KB
- MD5: ae4796295573dc5fbfb3c85b46efb649
- SHA1: 804da7154c0ca5511b5342a280d99021b39e74ca
- SHA256: ad1bbdf424c6c07a0a632e107323b9b1cc358e8490104f3a2a69279ce5e60f49
- SHA512: 8629c6449b3754d2a4568e5c169ac5bd02098a1d908733eea7e7dd7be4260f57639987be6bd0e2fab53518bc2e3ff2b4eba4d1b09c7fb3ce47425265892cc831