60f85eab717212cedc9eea8bee6ef7c6df81ff6e867f2dda90b5f4013f3f4d61

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23/01/2024, 16:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

700741fd8151f71d0cf355bc287645b5.exe
Size

771KB
MD5

700741fd8151f71d0cf355bc287645b5
SHA1

cd8c5ed1c3c4b326f88b3f8e1901d99e9473a845
SHA256

60f85eab717212cedc9eea8bee6ef7c6df81ff6e867f2dda90b5f4013f3f4d61
SHA512

1be1cd088f278bc9f7b6aa60da0d05c927e7b321fe5d31e6d25ed5d9c3728bf77517e907af203d765958ed60705b4f1741415b703c1b4e89dfa22260f8922568
SSDEEP

24576:VeL9YrRvonyJcLV2l7idoWLH/4r8Eb10hJaothZ2/T6FBBB:VeBYrRvonyJkV2l7ZW74r8O/ofT

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2944	700741fd8151f71d0cf355bc287645b5.exe

Executes dropped EXE 1 IoCs

pid	Process
2944	700741fd8151f71d0cf355bc287645b5.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3796	700741fd8151f71d0cf355bc287645b5.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3796	700741fd8151f71d0cf355bc287645b5.exe
2944	700741fd8151f71d0cf355bc287645b5.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3796 wrote to memory of 2944	3796	700741fd8151f71d0cf355bc287645b5.exe	86
PID 3796 wrote to memory of 2944	3796	700741fd8151f71d0cf355bc287645b5.exe	86
PID 3796 wrote to memory of 2944	3796	700741fd8151f71d0cf355bc287645b5.exe	86

C:\Users\Admin\AppData\Local\Temp\700741fd8151f71d0cf355bc287645b5.exe
"C:\Users\Admin\AppData\Local\Temp\700741fd8151f71d0cf355bc287645b5.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3796
- C:\Users\Admin\AppData\Local\Temp\700741fd8151f71d0cf355bc287645b5.exe
  C:\Users\Admin\AppData\Local\Temp\700741fd8151f71d0cf355bc287645b5.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\700741fd8151f71d0cf355bc287645b5.exe

Filesize
771KB

MD5
9c50c57eb6ffce9ae0a481e04f13fce6

SHA1
0c46e71f8974371083e892477b091c5dff484ff3

SHA256
9ffd03ad0a17b36cc391e7cd44ba79f4f5a1da428ffaefc4e3f57cac82f8caa3

SHA512
f7d02adffea357909ed2d45188bca473b60ed98221761b9095883ada07eadb4c3f4022cdd7a130aed08e78759c318b098bd20997bc6667937c44db79c33258b8

Download Submit
memory/2944-13-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2944-15-0x00000000014D0000-0x0000000001536000-memory.dmp

Filesize
408KB

Download
memory/2944-20-0x0000000004E90000-0x0000000004EEF000-memory.dmp

Filesize
380KB

Download
memory/2944-21-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2944-30-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2944-33-0x000000000B600000-0x000000000B63C000-memory.dmp

Filesize
240KB

Download
memory/2944-36-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3796-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3796-1-0x0000000001470000-0x00000000014D6000-memory.dmp

Filesize
408KB

Download
memory/3796-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3796-12-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download