Analysis
-
max time kernel
137s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
24/01/2024, 10:45
Static task
static1
Behavioral task
behavioral1
Sample
720698b0e5a3f51597ca90f9d2c71d10.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
720698b0e5a3f51597ca90f9d2c71d10.exe
Resource
win10v2004-20231215-en
General
-
Target
720698b0e5a3f51597ca90f9d2c71d10.exe
-
Size
771KB
-
MD5
720698b0e5a3f51597ca90f9d2c71d10
-
SHA1
b0706ad5fc4d663b9b8d02225ff3502d58bc2626
-
SHA256
27d28776e4b3c116764612ab909edf3c449c58f869dccb4cb5aff9993da2b9f8
-
SHA512
5de975319ef360ae7e714a6c6b56cf258583887c3eed934325b38be839ffcde251fcbeccd40d88d9aa285bc37887e35cdfefe27ebbc4a272b4d4a8ac2da08fab
-
SSDEEP
24576:xUMQs5HSRiIhxmJb10hJaothZ2/T6FBBB:H3exu/ofT
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2404 720698b0e5a3f51597ca90f9d2c71d10.exe -
Executes dropped EXE 1 IoCs
pid Process 2404 720698b0e5a3f51597ca90f9d2c71d10.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Suspicious behavior: RenamesItself 1 IoCs
pid Process 3544 720698b0e5a3f51597ca90f9d2c71d10.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process
3544 720698b0e5a3f51597ca90f9d2c71d10.exe
2404 720698b0e5a3f51597ca90f9d2c71d10.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 3544 wrote to memory of 2404 | 3544 | 720698b0e5a3f51597ca90f9d2c71d10.exe | 87
PID 3544 wrote to memory of 2404 | 3544 | 720698b0e5a3f51597ca90f9d2c71d10.exe | 87
PID 3544 wrote to memory of 2404 | 3544 | 720698b0e5a3f51597ca90f9d2c71d10.exe | 87
Processes
-
C:\Users\Admin\AppData\Local\Temp\720698b0e5a3f51597ca90f9d2c71d10.exe "C:\Users\Admin\AppData\Local\Temp\720698b0e5a3f51597ca90f9d2c71d10.exe"
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3544 -
C:\Users\Admin\AppData\Local\Temp\720698b0e5a3f51597ca90f9d2c71d10.exe C:\Users\Admin\AppData\Local\Temp\720698b0e5a3f51597ca90f9d2c71d10.exe
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2404
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
97KB
MD5 22886fa3913c9b3788123e1185de70e5
SHA1 6e5816dfa0a3cd37eb988dfc8b60d445ec596ae5
SHA256 d0324ad3ad084e4c2b28bba260a6da017f0c0fbab3b27dc1c7160ff1bce1d4a8
SHA512 ac89fb7b7e78512bf32dd01a368988bdbc6dd869800279e8e95df2f99eca8ec90f40b57c716371d6fb3123bc11bfe64d686b3182df428485d6608ec0d328272e