Analysis
-
max time kernel
150s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
25-01-2024 17:40
Static task
static1
Behavioral task
behavioral1
Sample
751e5c1201bb0c9821aea59fa2baf7c5.exe
Resource
win7-20231215-en
General
-
Target
751e5c1201bb0c9821aea59fa2baf7c5.exe
-
Size
385KB
-
MD5
751e5c1201bb0c9821aea59fa2baf7c5
-
SHA1
4725de78ba60076c3677c4e5158753ac95bedf6a
-
SHA256
5bc539044959631e8942d9fa7fc7c032a80577ff7ec1113996177aa6bfdf90b2
-
SHA512
ac17cff640c64f3f921824e21b2b1059efbf9218a35922419304cf20509c3f5251d88b3daecbde21314b1317be3104f58f3adf84950afde7332ae4c640b9d2db
-
SSDEEP
6144:+d6/rvDUtAKTrpXZC+sTX9zXbre1z1Ex/wDkL3HIgGEDtFPSx9xkFerNTh8MzB:+d6HOrobre1z1Ex/ZL3HIAerbrN2oB
Malware Config
Signatures
-
Deletes itself 1 IoCs
Processes:
751e5c1201bb0c9821aea59fa2baf7c5.exe
pid: 644, process: 751e5c1201bb0c9821aea59fa2baf7c5.exe -
Executes dropped EXE 1 IoCs
Processes:
751e5c1201bb0c9821aea59fa2baf7c5.exe
pid: 644, process: 751e5c1201bb0c9821aea59fa2baf7c5.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
Processes:
751e5c1201bb0c9821aea59fa2baf7c5.exe
pid: 1604, process: 751e5c1201bb0c9821aea59fa2baf7c5.exe -
Suspicious use of UnmapMainImage 2 IoCs
Processes:
751e5c1201bb0c9821aea59fa2baf7c5.exe, 751e5c1201bb0c9821aea59fa2baf7c5.exe
pid: 1604, process: 751e5c1201bb0c9821aea59fa2baf7c5.exe
pid: 644, process: 751e5c1201bb0c9821aea59fa2baf7c5.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
751e5c1201bb0c9821aea59fa2baf7c5.exe
description: PID 1604 wrote to memory of 644, pid: 1604, process: 751e5c1201bb0c9821aea59fa2baf7c5.exe, target process: 751e5c1201bb0c9821aea59fa2baf7c5.exe
description: PID 1604 wrote to memory of 644, pid: 1604, process: 751e5c1201bb0c9821aea59fa2baf7c5.exe, target process: 751e5c1201bb0c9821aea59fa2baf7c5.exe
description: PID 1604 wrote to memory of 644, pid: 1604, process: 751e5c1201bb0c9821aea59fa2baf7c5.exe, target process: 751e5c1201bb0c9821aea59fa2baf7c5.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\751e5c1201bb0c9821aea59fa2baf7c5.exe "C:\Users\Admin\AppData\Local\Temp\751e5c1201bb0c9821aea59fa2baf7c5.exe" 1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1604 -
C:\Users\Admin\AppData\Local\Temp\751e5c1201bb0c9821aea59fa2baf7c5.exe C:\Users\Admin\AppData\Local\Temp\751e5c1201bb0c9821aea59fa2baf7c5.exe 2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:644
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
385KB
MD5 65354b17f6ce1af5ec969744b58a8695
SHA1 31b6f2363ae9dd7c3853c67aee05f0ae944bd1db
SHA256 ac642458f2b79fa9453cddd748f857e33c98f866d4343bd569f54c5637b7eff3
SHA512 602307a8d077402cea496a84e933d72f7abf185834f9f78d51ec435fcca4d5d5d1b636f26787bec6539b22ac549e5845571e9771c034d645cd956f9691adca94