Analysis
-
max time kernel
119s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25-01-2024 16:52
General
-
Target
7503f33c454ff72f582b1d730cd89471.exe
-
Size
241KB
-
MD5
7503f33c454ff72f582b1d730cd89471
-
SHA1
8d4a46c0be9ee73f8b6b32459d8998db490a8461
-
SHA256
4409a2d6457405682a5a0ada61573bb53117a5906a4021bc52ec89ec46a08ddb
-
SHA512
cf99c784346caaa71579e735ffd98ae4c7536402ff36eee0ebcb8f0b826106aa3f91871e174c6dc239adc8d1cd30a150856c840933e7715240c782653e757496
-
SSDEEP
6144:Sd+0o58vYv0YMb5627rvzg97XdjBZzL2V:Sd+b6UC6yXgJXN6V
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of UnmapMainImage 2 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7503f33c454ff72f582b1d730cd89471.exe"C:\Users\Admin\AppData\Local\Temp\7503f33c454ff72f582b1d730cd89471.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7503f33c454ff72f582b1d730cd89471.exeC:\Users\Admin\AppData\Local\Temp\7503f33c454ff72f582b1d730cd89471.exe2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exeschtasks.exe /CREATE /RL HIGHEST /SC ONLOGON /TR "C:\Users\Admin\AppData\Local\Temp\7503f33c454ff72f582b1d730cd89471.exe" /TN Google_Trk_Updater /F3⤵
- Creates scheduled task(s)
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\CabF7D.tmpFilesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
C:\Users\Admin\AppData\Local\Temp\TarF90.tmpFilesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
-
\Users\Admin\AppData\Local\Temp\7503f33c454ff72f582b1d730cd89471.exeFilesize
241KB
MD5e93b9329f07a2414e1dccef070f78031
SHA1f6ba9971abbfb681e265beb942aa0a53d6e40d87
SHA256a6690d4457b69fda2311a98b3d014a85d59d1160289c193111a4dc217124ae7c
SHA512966bc99f185583a7f767beaf66d346cd7b5f1e4bf3ef3f59eb9ca4fc3f8371b80d54df242cde3d95da5cdea1f440b83ae253b82ceae4750b61d81b7446db57de
-
memory/3028-0-0x0000000000400000-0x00000000004B7000-memory.dmpFilesize
732KB
-
memory/3028-1-0x0000000000400000-0x0000000000466000-memory.dmpFilesize
408KB
-
memory/3028-2-0x0000000000190000-0x0000000000247000-memory.dmpFilesize
732KB
-
memory/3028-15-0x0000000002CF0000-0x0000000002DA7000-memory.dmpFilesize
732KB
-
memory/3028-14-0x0000000000400000-0x0000000000466000-memory.dmpFilesize
408KB
-
memory/3068-17-0x0000000000400000-0x00000000004B7000-memory.dmpFilesize
732KB
-
memory/3068-18-0x0000000000400000-0x0000000000466000-memory.dmpFilesize
408KB
-
memory/3068-23-0x0000000000400000-0x000000000045B000-memory.dmpFilesize
364KB
-
memory/3068-28-0x0000000000370000-0x00000000003D6000-memory.dmpFilesize
408KB