333a23ef0be1af47f9fac74ea6dc8a3d32547b48976f43e2348b237945eefa08

Analysis

max time kernel
137s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 22:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

73109c8d60456cc09785b55cf4a26f3f.exe
Size

907KB
MD5

73109c8d60456cc09785b55cf4a26f3f
SHA1

962220c531058bb50398a449a39df755af15e5b4
SHA256

333a23ef0be1af47f9fac74ea6dc8a3d32547b48976f43e2348b237945eefa08
SHA512

08f913a58ece452718e73fc3d1189333d55039f2431fcc7ad9f55b5f6d05fb90697cf3908cd01096c71eab8aecbd15f9f326143c1e1ce1c3c374cb7c9a7fbf67
SSDEEP

24576:fRujIGQ0JGVk+ZmU38GKN0jmQLN+6iujKT6lPJa/ZS1:5ujJQY+ZmbV0CQB+RuOT6lRgS

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2168	73109c8d60456cc09785b55cf4a26f3f.exe

Executes dropped EXE 1 IoCs

pid	Process
2168	73109c8d60456cc09785b55cf4a26f3f.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
536	73109c8d60456cc09785b55cf4a26f3f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
536	73109c8d60456cc09785b55cf4a26f3f.exe
2168	73109c8d60456cc09785b55cf4a26f3f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 2168	536	73109c8d60456cc09785b55cf4a26f3f.exe	90
PID 536 wrote to memory of 2168	536	73109c8d60456cc09785b55cf4a26f3f.exe	90
PID 536 wrote to memory of 2168	536	73109c8d60456cc09785b55cf4a26f3f.exe	90

C:\Users\Admin\AppData\Local\Temp\73109c8d60456cc09785b55cf4a26f3f.exe
"C:\Users\Admin\AppData\Local\Temp\73109c8d60456cc09785b55cf4a26f3f.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:536
- C:\Users\Admin\AppData\Local\Temp\73109c8d60456cc09785b55cf4a26f3f.exe
  C:\Users\Admin\AppData\Local\Temp\73109c8d60456cc09785b55cf4a26f3f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\73109c8d60456cc09785b55cf4a26f3f.exe

Filesize
907KB

MD5
55554b1aec25b9630a4f1289656a1ef6

SHA1
c8277fdff0308b5718d0a5c235e9e058e5974a7b

SHA256
265f9eea627709e548469764d5dfe873ffd3bad12ab9aba1cced1add6635d011

SHA512
3c5a88d7fdec4dcd20886177b60f4eef26956213d02f8491eb203bdf5fe8a14cc9de6a73483687cab72261e9c1c750ebfbf73a5d9da59b8fd29c981be42afaa2

Download Submit
memory/536-0-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/536-1-0x0000000001790000-0x0000000001878000-memory.dmp

Filesize
928KB

Download
memory/536-2-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/536-11-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2168-13-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2168-16-0x0000000001680000-0x0000000001768000-memory.dmp

Filesize
928KB

Download
memory/2168-20-0x0000000005060000-0x000000000511B000-memory.dmp

Filesize
748KB

Download
memory/2168-21-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/2168-30-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2168-33-0x000000000B800000-0x000000000B898000-memory.dmp

Filesize
608KB

Download