Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 19/01/2024, 15:45
Static task: static1
Behavioral task: behavioral1
  Sample: 6802a02dcc78e824c4a48e4744b7b413.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 6802a02dcc78e824c4a48e4744b7b413.exe
  Resource: win10v2004-20231215-en
General
Target: 6802a02dcc78e824c4a48e4744b7b413.exe
Size: 82KB
MD5: 6802a02dcc78e824c4a48e4744b7b413
SHA1: 48efcb02300a63efe29f4db34d75fd5424a58f6a
SHA256: 5785011ff15b9722430bb98a21851fc58b42cc9cbade9dc76e9a0181e203c258
SHA512: ddf791e4cdf562ddcbff4689a5146704761067360b9fdeaec0ad5e5364d19611894f3f9d3717574dcbcf15ae86dbc7646c252a0a8d9deae2cc5ab33004fcef90
SSDEEP: 1536:CVxKhPwmljnpzClEXJVPvVQlC/hoy8zv48wE0aLVd4aML+fzb:CVIhDFpzFWCZAv4k0lAfzb
Malware Config
Signatures
Deletes itself (1 IoC)
  pid   Process
  2096  6802a02dcc78e824c4a48e4744b7b413.exe
Executes dropped EXE (1 IoC)
  pid   Process
  2096  6802a02dcc78e824c4a48e4744b7b413.exe
Loads dropped DLL (1 IoC)
  pid   Process
  1248  6802a02dcc78e824c4a48e4744b7b413.exe
Suspicious behavior: RenamesItself (1 IoC)
  pid   Process
  1248  6802a02dcc78e824c4a48e4744b7b413.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  1248  6802a02dcc78e824c4a48e4744b7b413.exe
  2096  6802a02dcc78e824c4a48e4744b7b413.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                               procid_target
  PID 1248 wrote to memory of 2096  1248  6802a02dcc78e824c4a48e4744b7b413.exe  17
  PID 1248 wrote to memory of 2096  1248  6802a02dcc78e824c4a48e4744b7b413.exe  17
  PID 1248 wrote to memory of 2096  1248  6802a02dcc78e824c4a48e4744b7b413.exe  17
  PID 1248 wrote to memory of 2096  1248  6802a02dcc78e824c4a48e4744b7b413.exe  17
Processes
C:\Users\Admin\AppData\Local\Temp\6802a02dcc78e824c4a48e4744b7b413.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\6802a02dcc78e824c4a48e4744b7b413.exe"
  PID: 1248
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\6802a02dcc78e824c4a48e4744b7b413.exe (child of PID 1248)
    Command line: C:\Users\Admin\AppData\Local\Temp\6802a02dcc78e824c4a48e4744b7b413.exe
    PID: 2096
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 82KB
MD5: 9e180318042e3053e6786b2eb9b31061
SHA1: a53093bd662ec053e9eb527a1561da433ae7aaba
SHA256: 572dbc88a0eebec7cc2c517f1cf8b12c4972ff2eab0ab700c1699bdc513b2660
SHA512: 3491f8e47a72cdf9671230d337f539ba58f81ed15d6e17e24903c6cb591cf5a0df07a1637b4a65463f9502e453123fe3a0d335dce5dcecde1d1a764c662ae28c