Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 25-01-2024 22:23
Static task: static1
Behavioral task: behavioral1
- Sample: 75a90840e6ba8fc72909b4be60d41bf0.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 75a90840e6ba8fc72909b4be60d41bf0.exe
- Resource: win10v2004-20231222-en
General
- Target: 75a90840e6ba8fc72909b4be60d41bf0.exe
- Size: 162KB
- MD5: 75a90840e6ba8fc72909b4be60d41bf0
- SHA1: 57a47c68dc7fbd9dc9c8c04f116924b8b85c965f
- SHA256: 4668ff5769973409d84a21cd43640b2e6846ab118bd80958300960809f0e7518
- SHA512: 08e3572ca42cd2aea585031e291385eb3c37afb26d88626053315469fe25350813507364de4e3414278135f11ada39b07c8e1eb58d3d659ad4784ce117b35874
- SSDEEP: 3072:3S9lmt9AUZjg4o7DUXvNK+T/b8bITU02MJ2:C9lmHAUpo7svNKGD8UU0RJ2
Malware Config
Signatures
- Deletes itself (1 IoC): pid 2004, process 75a90840e6ba8fc72909b4be60d41bf0.exe
- Executes dropped EXE (1 IoC): pid 2004, process 75a90840e6ba8fc72909b4be60d41bf0.exe
- Loads dropped DLL (1 IoC): pid 1740, process 75a90840e6ba8fc72909b4be60d41bf0.exe
- Suspicious behavior: RenamesItself (1 IoC): pid 1740, process 75a90840e6ba8fc72909b4be60d41bf0.exe
- Suspicious use of UnmapMainImage (2 IoCs): pid 1740, process 75a90840e6ba8fc72909b4be60d41bf0.exe; pid 2004, process 75a90840e6ba8fc72909b4be60d41bf0.exe
- Suspicious use of WriteProcessMemory (4 IoCs), four identical entries (columns: description, pid, process, procid_target):
  - PID 1740 wrote to memory of 2004; pid 1740; process 75a90840e6ba8fc72909b4be60d41bf0.exe; procid_target 29
  - PID 1740 wrote to memory of 2004; pid 1740; process 75a90840e6ba8fc72909b4be60d41bf0.exe; procid_target 29
  - PID 1740 wrote to memory of 2004; pid 1740; process 75a90840e6ba8fc72909b4be60d41bf0.exe; procid_target 29
  - PID 1740 wrote to memory of 2004; pid 1740; process 75a90840e6ba8fc72909b4be60d41bf0.exe; procid_target 29
Processes
- C:\Users\Admin\AppData\Local\Temp\75a90840e6ba8fc72909b4be60d41bf0.exe (level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\75a90840e6ba8fc72909b4be60d41bf0.exe"
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID: 1740
  - C:\Users\Admin\AppData\Local\Temp\75a90840e6ba8fc72909b4be60d41bf0.exe (level 2)
    Command line: C:\Users\Admin\AppData\Local\Temp\75a90840e6ba8fc72909b4be60d41bf0.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
    PID: 2004
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 162KB
- MD5: 8337d1d175dbf0d4ad88f13ea17ad655
- SHA1: 529e9a25b428df12975f949036ded6c8f633a913
- SHA256: df27614c89d2c2433fc68cbbfb3f731d1e1812309d325324f67233847e638e04
- SHA512: 8a03155e560006067a3fd3d475c523fb18e9556bcd36ca733b4b91b56c2a86555f8907d5f4f6559e20ef1d19541c80544499bce2a3c3de1f765a7c7aabc3278e