Analysis
- max time kernel: 124s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
- submitted: 24/01/2024, 07:30
Static task: static1
Behavioral task: behavioral1
  Sample: 71a278956e360787f976ae641b6b3bbc.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 71a278956e360787f976ae641b6b3bbc.exe
  Resource: win10v2004-20231215-en
General
- Target: 71a278956e360787f976ae641b6b3bbc.exe
- Size: 907KB
- MD5: 71a278956e360787f976ae641b6b3bbc
- SHA1: 498e47b9099e51b803e7fb14fe892eaf9cff0d82
- SHA256: dedc30557e77d295d1c3bb9fb00cfb5b497ca8e06c4223040c2e90dc8ca1f7a2
- SHA512: 535ad823fb46b1b4f09430482b9d5576de96947f41b4c9ed30f4b650eb8a0067e262e6cc75651401ae2bf1bb8bd9df53c319959862e901fefbab6ced74131c57
- SSDEEP: 24576:AZBBgrsqI0wdBwFtkU49Vfm8aM8gFvKVYLa/ZS1:+PgDwdGkU2pm8X8oLgS
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid   Process
  4284  71a278956e360787f976ae641b6b3bbc.exe
- Executes dropped EXE (1 IoC)
  pid   Process
  4284  71a278956e360787f976ae641b6b3bbc.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTP)
- Suspicious behavior: RenamesItself (1 IoC)
  pid   Process
  1092  71a278956e360787f976ae641b6b3bbc.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  1092  71a278956e360787f976ae641b6b3bbc.exe
  4284  71a278956e360787f976ae641b6b3bbc.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                                procid_target
  PID 1092 wrote to memory of 4284   1092  71a278956e360787f976ae641b6b3bbc.exe   90
  PID 1092 wrote to memory of 4284   1092  71a278956e360787f976ae641b6b3bbc.exe   90
  PID 1092 wrote to memory of 4284   1092  71a278956e360787f976ae641b6b3bbc.exe   90
Processes
- Image: C:\Users\Admin\AppData\Local\Temp\71a278956e360787f976ae641b6b3bbc.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\71a278956e360787f976ae641b6b3bbc.exe"
  PID: 1092
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - Image: C:\Users\Admin\AppData\Local\Temp\71a278956e360787f976ae641b6b3bbc.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\71a278956e360787f976ae641b6b3bbc.exe
    PID: 4284
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
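The Signatures and Processes sections together record one chain: the binary in %TEMP% (PID 1092) spawns a second copy of its own image (PID 4284), writes into that child's memory three times, both processes unmap their main image, and the child then deletes the file. That combination is the shape commonly associated with process hollowing, although the report itself only lists the individual indicators. The script below is an added example, not the sandbox's own detection logic: it correlates a constructed, simplified event stream (field names and the `ProcessCreate`/`WriteProcessMemory`/`UnmapMainImage`/`FileDelete` record types are an assumed schema, and the PIDs and counts are taken from this report) into a single finding and scores it, while leaving a benign parent/child pair alone.

```python
"""Correlate process-tree events into the parent/child pattern recorded
in the report: a binary in %TEMP% spawns a copy of its own image, writes
into that child's memory, both unmap their main image, and the child
deletes the file. Added example, not the sandbox's own detection code.
Event records are constructed to mirror the report's process tree and
use an assumed, simplified schema."""
from collections import defaultdict

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\71a278956e360787f976ae641b6b3bbc.exe"

# Constructed telemetry; counts follow the report (three writes, two unmaps).
# PID 600 as the initial parent is an assumption, not from the report.
EVENTS = [
    {"type": "ProcessCreate", "pid": 1092, "ppid": 600, "image": SAMPLE},
    {"type": "ProcessCreate", "pid": 4284, "ppid": 1092, "image": SAMPLE},
    {"type": "UnmapMainImage", "pid": 1092},
    {"type": "WriteProcessMemory", "pid": 1092, "target_pid": 4284},
    {"type": "WriteProcessMemory", "pid": 1092, "target_pid": 4284},
    {"type": "WriteProcessMemory", "pid": 1092, "target_pid": 4284},
    {"type": "UnmapMainImage", "pid": 4284},
    {"type": "FileDelete", "pid": 4284, "path": SAMPLE},
    # Benign control chain: different images, no memory writes, no deletion.
    {"type": "ProcessCreate", "pid": 7000, "ppid": 600, "image": r"C:\Windows\explorer.exe"},
    {"type": "ProcessCreate", "pid": 7001, "ppid": 7000, "image": r"C:\Windows\System32\notepad.exe"},
]

TEMP_MARKER = "\\appdata\\local\\temp\\"


def find_self_spawn_chains(events):
    """Return one finding per child whose image equals its parent's image,
    enriched with the memory-write, unmap and self-delete indicators."""
    procs = {e["pid"]: e for e in events if e["type"] == "ProcessCreate"}
    writes = defaultdict(int)   # (writer pid, target pid) -> count
    unmaps = set()              # pids that unmapped their main image
    deletes = set()             # (pid, lowercased path) pairs
    for e in events:
        if e["type"] == "WriteProcessMemory":
            writes[(e["pid"], e["target_pid"])] += 1
        elif e["type"] == "UnmapMainImage":
            unmaps.add(e["pid"])
        elif e["type"] == "FileDelete":
            deletes.add((e["pid"], e["path"].lower()))

    findings = []
    for pid, child in procs.items():
        parent = procs.get(child["ppid"])
        if parent is None or parent["image"].lower() != child["image"].lower():
            continue
        image = child["image"].lower()
        findings.append({
            "parent_pid": parent["pid"],
            "child_pid": pid,
            "image": child["image"],
            "from_temp": TEMP_MARKER in image,
            "writes_to_child": writes.get((parent["pid"], pid), 0),
            "parent_unmaps": parent["pid"] in unmaps,
            "child_unmaps": pid in unmaps,
            "child_deletes_image": (pid, image) in deletes,
        })
    return findings


def severity(finding):
    """Weight the indicators: a same-image child alone is weak (updaters and
    elevation helpers do it); writes into the clone and self-deletion are the
    strong signals, and unmapping on both sides adds a point."""
    points = 1
    points += 1 if finding["from_temp"] else 0
    points += 2 if finding["writes_to_child"] else 0
    points += 1 if finding["parent_unmaps"] and finding["child_unmaps"] else 0
    points += 2 if finding["child_deletes_image"] else 0
    return "high" if points >= 5 else "medium" if points >= 3 else "low"


def triage(events=EVENTS):
    """Compact (parent, child, severity) view of every self-spawn chain."""
    return [(f["parent_pid"], f["child_pid"], severity(f))
            for f in find_self_spawn_chains(events)]


if __name__ == "__main__":
    for f in find_self_spawn_chains(EVENTS):
        print(f"{f['parent_pid']} -> {f['child_pid']}: {severity(f)} {f}")
```

Run against the constructed events, the report's chain scores "high" (same image from %TEMP%, three writes, unmap on both sides, self-deletion) and the explorer/notepad pair produces no finding, since the same-image test is the gate before any scoring. In real telemetry the equivalent fields come from process-creation, process-access and file-deletion events, and the `UnmapMainImage` indicator would have to be reconstructed from an API-level source.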
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 390KB
  MD5: cf415a5b25d9b9701261d3b693bbba32
  SHA1: ba7e1a91e57efe834336baadc62d3705d589d5c1
  SHA256: 561f6aba5c6b4410cfdff44121c407d0cdf89c321a8d8c5f8fa5a54e9ddd6c55
  SHA512: a95c714a71b735a39df1c56e23849010e8907e5785f1b2c5c251961164260cad0e04b77982db329130f137ee6f743d0751c031ab4b063176e39f3d04fac02ccd