Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 19-01-2024 00:29
Behavioral task: behavioral1
Sample: 666e30579179bdd43772f365409936f1.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 666e30579179bdd43772f365409936f1.exe
Resource: win10v2004-20231215-en
General
Target: 666e30579179bdd43772f365409936f1.exe
Size: 1.3MB
MD5: 666e30579179bdd43772f365409936f1
SHA1: 5c647ceedb338bef800a117cf1a1847af23e39b7
SHA256: ea2f901ae8ccb51c70e56ea5db2288b5e9257a60612f8b38fd4fbd2021f40ae1
SHA512: 49a725be285f00589c9a85a1c53230d5a19228f3ad3d96156918d9f4c193d56e3530c761d3ae818e496dc2b1f9ac69e705abedf2bdb4feac505805082e0c4cab
SSDEEP: 24576:oCiPto8LPBtdxUkurFMu5DTMPTwuPItfOhQl6goRgx4C3SdpKe0vG:OLPvdxUR7DYPXIENgoRgHle
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid   Process
  2968  666e30579179bdd43772f365409936f1.exe
Executes dropped EXE (1 IoCs)
  pid   Process
  2968  666e30579179bdd43772f365409936f1.exe
Loads dropped DLL (1 IoCs)
  pid   Process
  1812  666e30579179bdd43772f365409936f1.exe
YARA rule matches
  resource                                                                         yara_rule
  behavioral1/memory/1812-0-0x0000000000400000-0x000000000086A000-memory.dmp       upx
  behavioral1/files/0x00090000000122c9-16.dat                                      upx
  behavioral1/files/0x00090000000122c9-11.dat                                      upx
Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  1812  666e30579179bdd43772f365409936f1.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  1812  666e30579179bdd43772f365409936f1.exe
  2968  666e30579179bdd43772f365409936f1.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                         pid   Process                                procid_target
  PID 1812 wrote to memory of 2968    1812  666e30579179bdd43772f365409936f1.exe   21
  PID 1812 wrote to memory of 2968    1812  666e30579179bdd43772f365409936f1.exe   21
  PID 1812 wrote to memory of 2968    1812  666e30579179bdd43772f365409936f1.exe   21
  PID 1812 wrote to memory of 2968    1812  666e30579179bdd43772f365409936f1.exe   21
Processes
1. C:\Users\Admin\AppData\Local\Temp\666e30579179bdd43772f365409936f1.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\666e30579179bdd43772f365409936f1.exe"
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   PID: 1812
   2. C:\Users\Admin\AppData\Local\Temp\666e30579179bdd43772f365409936f1.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\666e30579179bdd43772f365409936f1.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
      PID: 2968
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 324KB
MD5: e19542e6e3deca5c327c5b4a44203f83
SHA1: 4d8e49f46cc84bf8d395c10b2cf76ab9fe6340c9
SHA256: 5126b14280b828c7470999d82f86a2c759963e7f2be023e03ee5ef166ac7d7d1
SHA512: e8fe02d794cdac2896853928512a677f11d8a7f054e717f769a6a786d1e1c6fa1c6b0226c5583576406cd0aae48e55a9a8d520999d7d877a9ebea81e92e0b1bb
Filesize: 529KB
MD5: 16c04898455bbf74fd5149cb3b9fade1
SHA1: c0d7dbafe914b9509176a96848eed2a9598e90e5
SHA256: 8c459872d5b4598a835d298b2acfda568d1ea14f7629be10399d9902100630f5
SHA512: 918876b7f5b68268ec703a72c51d5fd712f80e04ff15b4e03ef2582363b71b99946d2b992c1cd31dc29270956bf797d111c608b1fc4f04a0d361ddbffcc00b8c