Analysis
- max time kernel
  139s
- max time network
  151s
- platform
  windows10-2004_x64
- resource
  win10v2004-20231215-en
- resource tags
  arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted
  25-01-2024 17:35
Static task
static1
Behavioral task
behavioral1
Sample
751bb7e94eea53e73da0c642939b37da.exe
Resource
win7-20231129-en
General
- Target
  751bb7e94eea53e73da0c642939b37da.exe
- Size
  385KB
- MD5
  751bb7e94eea53e73da0c642939b37da
- SHA1
  33dd32d353940f2b3998d439ccbd4f8dc29a4745
- SHA256
  816ceac49c2d646e60cdb2dc54c860d9f8352c099eef6b9aad6521613348ad5f
- SHA512
  565650cb842c3166861229c31cb1c992d5b31e35ab1e102758ebe6d14df53ccc3ea9ecd1c2d82440900deaa4190060317e8687c15fdf094869b1c0f34fc37ad5
- SSDEEP
  12288:F0Jl/Ct2wbPCSl4csZB9FnA0I+gqMFK6O2S8B:CLCER24x79FnAF+5MU6Or8B
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid   Process
  3912  751bb7e94eea53e73da0c642939b37da.exe
- Executes dropped EXE (1 IoCs)
  pid   Process
  3912  751bb7e94eea53e73da0c642939b37da.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  flow  ioc
  2     pastebin.com
  3     pastebin.com
- Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  3456  751bb7e94eea53e73da0c642939b37da.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  3456  751bb7e94eea53e73da0c642939b37da.exe
  3912  751bb7e94eea53e73da0c642939b37da.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                                procid_target
  PID 3456 wrote to memory of 3912   3456  751bb7e94eea53e73da0c642939b37da.exe   89
  PID 3456 wrote to memory of 3912   3456  751bb7e94eea53e73da0c642939b37da.exe   89
  PID 3456 wrote to memory of 3912   3456  751bb7e94eea53e73da0c642939b37da.exe   89
Processes
- C:\Users\Admin\AppData\Local\Temp\751bb7e94eea53e73da0c642939b37da.exe
  "C:\Users\Admin\AppData\Local\Temp\751bb7e94eea53e73da0c642939b37da.exe"
  PID:3456
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\751bb7e94eea53e73da0c642939b37da.exe
    C:\Users\Admin\AppData\Local\Temp\751bb7e94eea53e73da0c642939b37da.exe
    PID:3912
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize
  385KB
- MD5
  4bd4cc6cdfceb75845e0a22399fadad6
- SHA1
  eb62571ef88e71447251d412a39f59c2691bbdc5
- SHA256
  38caa3db5f0d87736d1ae188c7b3f0ce49b8acb8bb5e33ae4a44ed9f026bf576
- SHA512
  0ea795c32213a8fea7d0807b67ed6acb28e7707fa93c483e22598c6a8843d6e0f758a6b61d3ee42fd711f386163f7eecf07f8bd4b00eca0539793aac3537190a