Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 25-01-2024 16:22

Behavioral task: behavioral1
Sample: 74f57e0132799512c0b16ec33b113335.exe
Resource: win7-20231215-en
General
- Target: 74f57e0132799512c0b16ec33b113335.exe
- Size: 133KB
- MD5: 74f57e0132799512c0b16ec33b113335
- SHA1: fe3ae275ea717e4097f186cd249e76d5becbd5df
- SHA256: b56c3fb8b613ac5c23803d3958d98f2176dbbee2b3d631270a0f726db00e1be9
- SHA512: a6796ee2166cb3b522d20a1a443e3429812faa0dd9b8ccfaeb152623e047f07d1afe41c9d2cfc1cd1290a3bd7a9eb7bb012e2f8a4a631e7e9f1a993bdca38245
- SSDEEP: 1536:CXVsFoMLAnzrnH4dhJiRpGvyHlccMdnApU1R85qJ1mCyZ5nA2PTQqYcS9UuFcZXP:rcL4dMGvyFcTd7HaXA2rp+ck/TNLDsuQ
Signatures
- Deletes itself (1 IoCs)
  Processes (pid, process):
  2784  74f57e0132799512c0b16ec33b113335.exe
- Executes dropped EXE (1 IoCs)
  Processes (pid, process):
  2784  74f57e0132799512c0b16ec33b113335.exe
- Loads dropped DLL (1 IoCs)
  Processes (pid, process):
  2896  74f57e0132799512c0b16ec33b113335.exe
- Processes (resource, yara_rule):
  behavioral1/memory/2896-0-0x0000000000400000-0x0000000000486000-memory.dmp  upx
  \Users\Admin\AppData\Local\Temp\74f57e0132799512c0b16ec33b113335.exe  upx
  behavioral1/memory/2896-13-0x0000000000350000-0x00000000003D6000-memory.dmp  upx
- Suspicious behavior: RenamesItself (1 IoCs)
  Processes (pid, process):
  2896  74f57e0132799512c0b16ec33b113335.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  Processes (pid, process):
  2896  74f57e0132799512c0b16ec33b113335.exe
  2784  74f57e0132799512c0b16ec33b113335.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes (description, pid, process, target process):
  PID 2896 wrote to memory of 2784  2896  74f57e0132799512c0b16ec33b113335.exe  74f57e0132799512c0b16ec33b113335.exe
  PID 2896 wrote to memory of 2784  2896  74f57e0132799512c0b16ec33b113335.exe  74f57e0132799512c0b16ec33b113335.exe
  PID 2896 wrote to memory of 2784  2896  74f57e0132799512c0b16ec33b113335.exe  74f57e0132799512c0b16ec33b113335.exe
  PID 2896 wrote to memory of 2784  2896  74f57e0132799512c0b16ec33b113335.exe  74f57e0132799512c0b16ec33b113335.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\74f57e0132799512c0b16ec33b113335.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\74f57e0132799512c0b16ec33b113335.exe"
  PID: 2896
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\74f57e0132799512c0b16ec33b113335.exe (child of PID 2896)
    Command line: C:\Users\Admin\AppData\Local\Temp\74f57e0132799512c0b16ec33b113335.exe
    PID: 2784
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- \Users\Admin\AppData\Local\Temp\74f57e0132799512c0b16ec33b113335.exe
  Filesize: 133KB
  MD5: 442e62742573749fca0c23c957b1ead7
  SHA1: 1f814882f94c3c04c646447005148c82c3576cac
  SHA256: c1011594ee9f099185c10cb0d69544540e8c2ae90015462cb95f22743cf1efb8
  SHA512: 78e2b40b88ab20df9c1a99516646d4058e077a2eba917f8b98d9de8136fe44e4962949d1a0a87b01396edaa628576d20d96023919a048df8d1f36846d5dfba84
- memory/2784-23-0x0000000000150000-0x0000000000171000-memory.dmp
  Filesize: 132KB
- memory/2784-24-0x0000000000400000-0x0000000000486000-memory.dmp
  Filesize: 536KB
- memory/2896-0-0x0000000000400000-0x0000000000486000-memory.dmp
  Filesize: 536KB
- memory/2896-1-0x0000000000400000-0x000000000041F000-memory.dmp
  Filesize: 124KB
- memory/2896-4-0x00000000000E0000-0x0000000000101000-memory.dmp
  Filesize: 132KB
- memory/2896-13-0x0000000000350000-0x00000000003D6000-memory.dmp
  Filesize: 536KB
- memory/2896-15-0x0000000000400000-0x000000000041F000-memory.dmp
  Filesize: 124KB