8331cd7819416f440d495a39c0d92836cebb704ba1513bf4216a018791ed1a68

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 13:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

74cc6b0b0468a76f5b0b76333d7049b1.exe
Size

6.5MB
MD5

74cc6b0b0468a76f5b0b76333d7049b1
SHA1

f38caa67618b87fcc849ca5efb67a04dc2d1feef
SHA256

8331cd7819416f440d495a39c0d92836cebb704ba1513bf4216a018791ed1a68
SHA512

b7f5ec86c82751c266e8fe639b51c2f94bfd18feb7cd46e6210a61f6fac0bf1591651aa0208f750f4eac0697c9a6b3cf3c056f519b4eaaed92c398fefb3054ee
SSDEEP

196608:i7AMTFXjZi7aEXXVmdCJ1gpF6/PMXVmdCJ1gr:icMZjadn5K4i5s

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
836	74cc6b0b0468a76f5b0b76333d7049b1.exe

Executes dropped EXE 1 IoCs

pid	Process
836	74cc6b0b0468a76f5b0b76333d7049b1.exe

Loads dropped DLL 1 IoCs

pid	Process
2476	74cc6b0b0468a76f5b0b76333d7049b1.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2476	74cc6b0b0468a76f5b0b76333d7049b1.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2476	74cc6b0b0468a76f5b0b76333d7049b1.exe
836	74cc6b0b0468a76f5b0b76333d7049b1.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 836	2476	74cc6b0b0468a76f5b0b76333d7049b1.exe	28
PID 2476 wrote to memory of 836	2476	74cc6b0b0468a76f5b0b76333d7049b1.exe	28
PID 2476 wrote to memory of 836	2476	74cc6b0b0468a76f5b0b76333d7049b1.exe	28
PID 2476 wrote to memory of 836	2476	74cc6b0b0468a76f5b0b76333d7049b1.exe	28

C:\Users\Admin\AppData\Local\Temp\74cc6b0b0468a76f5b0b76333d7049b1.exe
"C:\Users\Admin\AppData\Local\Temp\74cc6b0b0468a76f5b0b76333d7049b1.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Users\Admin\AppData\Local\Temp\74cc6b0b0468a76f5b0b76333d7049b1.exe
  C:\Users\Admin\AppData\Local\Temp\74cc6b0b0468a76f5b0b76333d7049b1.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\74cc6b0b0468a76f5b0b76333d7049b1.exe

Filesize
97KB

MD5
a6733433955e61ef2c68223fc3398f17

SHA1
219d3735b54b592404bb641948c94aeec3728f68

SHA256
755dfc8074bc28844521bb569621525927507bdc1cc3618013a5d6497c984f9d

SHA512
f9511ba00ca81ca0b73c80911b82dca4435f0bd56b57e086de66a13a172aa4383a7ae7a19cba6d7309b8d1286c22a99692dc5cbe9246544b39cd27acc57e1bdf

Download Submit
\Users\Admin\AppData\Local\Temp\74cc6b0b0468a76f5b0b76333d7049b1.exe

Filesize
153KB

MD5
7cb2027c03b9739fb5dd70c26c20afab

SHA1
627ff6830a5e37d79e9c13790f4f44e3b2fdd324

SHA256
3df95a4b560879cdd6054cd7313165effa91c048e27d6e7f04c3328d4e55d225

SHA512
5c0a83fb8e53c24e452964b4585e746eebcb7b8d31d33d0d4f6d8e9421f9cdb9221f9e998cec6a98e52fda1e232c4b3bee356580eb0bcb0ae592ec6a02fd54cc

Download Submit
memory/836-17-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/836-19-0x0000000001DC0000-0x0000000002237000-memory.dmp

Filesize
4.5MB

Download
memory/836-16-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/836-23-0x0000000000400000-0x0000000000640000-memory.dmp

Filesize
2.2MB

Download
memory/836-24-0x0000000003880000-0x0000000003ACD000-memory.dmp

Filesize
2.3MB

Download
memory/2476-1-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/2476-0-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/2476-3-0x0000000001AD0000-0x0000000001F47000-memory.dmp

Filesize
4.5MB

Download
memory/2476-15-0x0000000003B80000-0x0000000003FF7000-memory.dmp

Filesize
4.5MB

Download
memory/2476-13-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download