b5c03b6581e159956d36c0d8c9f343cd1323f2f1e194ad8e02d8ff0c28b132f2

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 03:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

73913619f8c9b8f3f516e1055a433618.exe
Size

385KB
MD5

73913619f8c9b8f3f516e1055a433618
SHA1

033de03690d1ad4e52e08ea45c950a1dff2349e3
SHA256

b5c03b6581e159956d36c0d8c9f343cd1323f2f1e194ad8e02d8ff0c28b132f2
SHA512

09aa3cecd1f47156ff53d8918cec24328b629a6fe4b84694080e4ec4d99948570806ee330f5d83cadf2bf1ffd7cfd13e2202eb9f0f9700c09a1ba623734153b7
SSDEEP

12288:PnZMYlJw6ESGy4oKBvImeeUqVyZDE3u00uC7ySFB:BMYIS43IFk3PqyyB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2148	73913619f8c9b8f3f516e1055a433618.exe

Executes dropped EXE 1 IoCs

pid	Process
2148	73913619f8c9b8f3f516e1055a433618.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2204	73913619f8c9b8f3f516e1055a433618.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2204	73913619f8c9b8f3f516e1055a433618.exe
2148	73913619f8c9b8f3f516e1055a433618.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2148	2204	73913619f8c9b8f3f516e1055a433618.exe	85
PID 2204 wrote to memory of 2148	2204	73913619f8c9b8f3f516e1055a433618.exe	85
PID 2204 wrote to memory of 2148	2204	73913619f8c9b8f3f516e1055a433618.exe	85

C:\Users\Admin\AppData\Local\Temp\73913619f8c9b8f3f516e1055a433618.exe
"C:\Users\Admin\AppData\Local\Temp\73913619f8c9b8f3f516e1055a433618.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\73913619f8c9b8f3f516e1055a433618.exe
  C:\Users\Admin\AppData\Local\Temp\73913619f8c9b8f3f516e1055a433618.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\73913619f8c9b8f3f516e1055a433618.exe

Filesize
385KB

MD5
3d9a913cf7723866cb2ad3fd696c5d6e

SHA1
dfe5d590a2e037f95af3174af52e0ee3f9f25e4c

SHA256
c77402ec8fad4f0cfc8087efcc90e1159e04097b6b83f5dce741c8b69aa183d1

SHA512
1d55cb69e2e3b0997bc627079514976ef3c7461a0a2a20550c0ebdf64406911e572119beb6085f54d352d2b994357fa8713c5057eae88cce7b403d4bdbda4740

Download Submit
memory/2148-13-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2148-18-0x0000000001470000-0x00000000014D6000-memory.dmp

Filesize
408KB

Download
memory/2148-20-0x0000000001620000-0x000000000167F000-memory.dmp

Filesize
380KB

Download
memory/2148-21-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2148-30-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2148-33-0x000000000C620000-0x000000000C65C000-memory.dmp

Filesize
240KB

Download
memory/2148-36-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2204-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2204-1-0x00000000014D0000-0x0000000001536000-memory.dmp

Filesize
408KB

Download
memory/2204-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2204-11-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download