377882b5d89ffb605d33f8e4a1fa5432d65b155daf236367e3649cabc47b3b51

Analysis

max time kernel
107s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 05:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

719f37cd3169d2fa471eafd79ff28f4b.exe
Size

907KB
MD5

719f37cd3169d2fa471eafd79ff28f4b
SHA1

5c7f359ae070945bcced6a0ccf7f77b44b0cf7e0
SHA256

377882b5d89ffb605d33f8e4a1fa5432d65b155daf236367e3649cabc47b3b51
SHA512

bf63c6bceed39c2a18d77cf951c4de69f9413eac14fffebe7f74794db56d5f615f3877cdf7392039f31587a3aa6bf1d0d157e2f25e0d372ad57d47666d3d2c6b
SSDEEP

24576:DfycU10YXLSXkaow3Hkvj6JrDvHxXsa/ZS1:DfTXcGJHHxXsgS

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
4540	719f37cd3169d2fa471eafd79ff28f4b.exe

Executes dropped EXE 1 IoCs

pid	Process
4540	719f37cd3169d2fa471eafd79ff28f4b.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2096	719f37cd3169d2fa471eafd79ff28f4b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2096	719f37cd3169d2fa471eafd79ff28f4b.exe
4540	719f37cd3169d2fa471eafd79ff28f4b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 4540	2096	719f37cd3169d2fa471eafd79ff28f4b.exe	89
PID 2096 wrote to memory of 4540	2096	719f37cd3169d2fa471eafd79ff28f4b.exe	89
PID 2096 wrote to memory of 4540	2096	719f37cd3169d2fa471eafd79ff28f4b.exe	89

C:\Users\Admin\AppData\Local\Temp\719f37cd3169d2fa471eafd79ff28f4b.exe
"C:\Users\Admin\AppData\Local\Temp\719f37cd3169d2fa471eafd79ff28f4b.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Users\Admin\AppData\Local\Temp\719f37cd3169d2fa471eafd79ff28f4b.exe
  C:\Users\Admin\AppData\Local\Temp\719f37cd3169d2fa471eafd79ff28f4b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\719f37cd3169d2fa471eafd79ff28f4b.exe

Filesize
50KB

MD5
4fe4726a66e8457d36bb94e18feca63c

SHA1
7a44710ac898681912bb72833bc084ee691e5381

SHA256
816c4fe928969b2b5c5286629466559a3fbb5fe03c129220dfa91e5663c5b9b2

SHA512
863a687ff5261a46e8e7e03291d60c440230750ee357ab02c14b5c423a438673e8b821616ec77254b8994754032a78f0bc75beff5422d526439b1e1a7b818826

Download Submit
memory/2096-0-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2096-2-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2096-1-0x0000000001640000-0x0000000001728000-memory.dmp

Filesize
928KB

Download
memory/2096-11-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/4540-15-0x0000000001730000-0x0000000001818000-memory.dmp

Filesize
928KB

Download
memory/4540-21-0x0000000005060000-0x000000000511B000-memory.dmp

Filesize
748KB

Download
memory/4540-20-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/4540-13-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/4540-30-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4540-31-0x000000000B800000-0x000000000B898000-memory.dmp

Filesize
608KB

Download