Analysis
max time kernel: 138s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted: 19/01/2024, 14:05
Static task: static1
Behavioral task: behavioral1
Sample: 67cefb05fb757b085ea789a28bc67ab1.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 67cefb05fb757b085ea789a28bc67ab1.exe
Resource: win10v2004-20231215-en
General
Target: 67cefb05fb757b085ea789a28bc67ab1.exe
Size: 409KB
MD5: 67cefb05fb757b085ea789a28bc67ab1
SHA1: d4de55a1f735ea12896831c7f4b7fccd585e1579
SHA256: ffde185d79483ef876fc7c541115d52ed6a23dd2562ec9ebee051a559fc7f885
SHA512: af6d2d5f0b6c70d4d036bcc73d9e653bdab1727bf1eff640fd86f1edcc4851b59b52b814e1cf0629eefec556b094d7054017808228350bd15a26e7b27e38d690
SSDEEP: 6144:Flix0jXsQiW14SAEly53hS4s88JBF8lo7/KiiT9cVKooiihLpQJt2iBOE9QOlKt1:FEx0Fomy5x6fMCD9QOlKVdYs1KHcUsay
Malware Config
Signatures
Deletes itself 1 IoCs
pid | Process
1448 | 67cefb05fb757b085ea789a28bc67ab1.exe

Executes dropped EXE 1 IoCs
pid | Process
1448 | 67cefb05fb757b085ea789a28bc67ab1.exe

Suspicious behavior: RenamesItself 1 IoCs
pid | Process
4720 | 67cefb05fb757b085ea789a28bc67ab1.exe

Suspicious use of UnmapMainImage 2 IoCs
pid | Process
4720 | 67cefb05fb757b085ea789a28bc67ab1.exe
1448 | 67cefb05fb757b085ea789a28bc67ab1.exe

Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 4720 wrote to memory of 1448 | 4720 | 67cefb05fb757b085ea789a28bc67ab1.exe | 87
PID 4720 wrote to memory of 1448 | 4720 | 67cefb05fb757b085ea789a28bc67ab1.exe | 87
PID 4720 wrote to memory of 1448 | 4720 | 67cefb05fb757b085ea789a28bc67ab1.exe | 87
Processes
C:\Users\Admin\AppData\Local\Temp\67cefb05fb757b085ea789a28bc67ab1.exe
"C:\Users\Admin\AppData\Local\Temp\67cefb05fb757b085ea789a28bc67ab1.exe"
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4720

    C:\Users\Admin\AppData\Local\Temp\67cefb05fb757b085ea789a28bc67ab1.exe
    C:\Users\Admin\AppData\Local\Temp\67cefb05fb757b085ea789a28bc67ab1.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
    PID:1448
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 409KB
MD5: 63c3f5185599bce1d163b896c68a6d9b
SHA1: 7fd88bb146a53b0133227ea316c644104b066546
SHA256: 09f470b59b9094606730d68fc8f39a5aa8063689c42bd2664324f87411486a5d
SHA512: 6617db36f6eaf23569eaf2c3907066d2271df0c7786c07dfdd907b9a1e319cca801d78fbe9319ca43c407d67792efa887e0ab22d1a08ffacd1f1bc95fec2db64