Analysis
- max time kernel: 142s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-01-2024 16:56
Static task: static1
Behavioral task: behavioral1
Sample: 75067eb32bed5ff61f5047abac91503e.exe
Resource: win7-20231215-en
General
- Target: 75067eb32bed5ff61f5047abac91503e.exe
- Size: 907KB
- MD5: 75067eb32bed5ff61f5047abac91503e
- SHA1: e9622610ed6979fc9a56d4d967e12818e1cebc5d
- SHA256: fbbb7e6ce8d8e953b50c365115df1b31a4efc1272b2fb4b5b43f43b3767029c7
- SHA512: b9d8a768fe4ffcbacaf5192ec40dcc29b1fa664c0d52740991dd30f7fa94a662e4fbfcb996751d392f90922a9813be2b1693254e26bcd85d2da294103751e9ea
- SSDEEP: 12288:+vhnDFtRJb7N94vcL8V/u8IlaWKZzof4k6ekxcByv0WdGXl2fjVDa/ZS1:ytRR4vckupYWo7k6U40WdGXl2Na/ZS1
Malware Config
Signatures
- Deletes itself (1 IoCs)
  Processes: PID 2180 75067eb32bed5ff61f5047abac91503e.exe
- Executes dropped EXE (1 IoCs)
  Processes: PID 2180 75067eb32bed5ff61f5047abac91503e.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
- Suspicious behavior: RenamesItself (1 IoCs)
  Processes: PID 4584 75067eb32bed5ff61f5047abac91503e.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  Processes: PID 4584 75067eb32bed5ff61f5047abac91503e.exe; PID 2180 75067eb32bed5ff61f5047abac91503e.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: PID 4584 (75067eb32bed5ff61f5047abac91503e.exe) wrote to memory of PID 2180 (75067eb32bed5ff61f5047abac91503e.exe), reported three times
Processes
1. C:\Users\Admin\AppData\Local\Temp\75067eb32bed5ff61f5047abac91503e.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\75067eb32bed5ff61f5047abac91503e.exe"
   PID: 4584
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\75067eb32bed5ff61f5047abac91503e.exe (child of PID 4584)
      Command line: C:\Users\Admin\AppData\Local\Temp\75067eb32bed5ff61f5047abac91503e.exe
      PID: 2180
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Temp\75067eb32bed5ff61f5047abac91503e.exe
  Filesize: 907KB
  MD5: 0fa13eccb5734b3f71bfda5601ed323b
  SHA1: 07dd73510174a716156bb2da43eea670010c0fb6
  SHA256: 8165b0dd070146b2324735004a5a5e8fed5ce8ead856ccccfb645b95718805cd
  SHA512: 2c8e9a86a7fed39fd73327b4121bd04328d7a081e6281e091d9a0b29d73d9643c2f18fd99ada4c889225a749f3f63cc0ae7c226e5792168789d5f6ad42aeb755
- memory/2180-13-0x0000000000400000-0x00000000004E8000-memory.dmp (Filesize: 928KB)
- memory/2180-14-0x0000000001740000-0x0000000001828000-memory.dmp (Filesize: 928KB)
- memory/2180-20-0x00000000051A0000-0x000000000525B000-memory.dmp (Filesize: 748KB)
- memory/2180-21-0x0000000000400000-0x0000000000498000-memory.dmp (Filesize: 608KB)
- memory/2180-30-0x0000000000400000-0x0000000000443000-memory.dmp (Filesize: 268KB)
- memory/2180-32-0x000000000B800000-0x000000000B898000-memory.dmp (Filesize: 608KB)
- memory/4584-0-0x0000000000400000-0x00000000004E8000-memory.dmp (Filesize: 928KB)
- memory/4584-1-0x00000000017A0000-0x0000000001888000-memory.dmp (Filesize: 928KB)
- memory/4584-2-0x0000000000400000-0x00000000004BB000-memory.dmp (Filesize: 748KB)
- memory/4584-11-0x0000000000400000-0x00000000004BB000-memory.dmp (Filesize: 748KB)