Analysis

Max time kernel: 138s
Max time network: 142s
Platform: windows10-2004_x64
Resource: win10v2004-20231215-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 25-01-2024 17:02

Static task: static1
Behavioral task: behavioral1
Sample: 750a45ffaa72f0acf325748edbf3bf35.exe
Resource: win7-20231215-en
General

Target: 750a45ffaa72f0acf325748edbf3bf35.exe
Size: 771KB
MD5: 750a45ffaa72f0acf325748edbf3bf35
SHA1: db882018fd091e2b3467a0386c82f5365b0fb17c
SHA256: 686ea96873af08a40753a12567b316dcd9251c07a602ba593cfc50642daa94e6
SHA512: 8ad76d44b3718eb10beaf73586d69db6b85e0612949b89fec7edb792851344299f8aa03a5c240839fc22ba1583523cfe8d9488331a1aeea389c869ce3f68b72d
SSDEEP: 12288:GRrcqlKmGO7kplRA7Y766FCvW9z+4b10VHmDXTuFaa2AtyGTKOF25ZoJJyhRge8V:GRrBkmSWuFR64b10hJaothZ2/T6FBBB
Malware Config

Signatures

Deletes itself (1 IoC)
  PID 3768  750a45ffaa72f0acf325748edbf3bf35.exe

Executes dropped EXE (1 IoC)
  PID 3768  750a45ffaa72f0acf325748edbf3bf35.exe

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)

Suspicious behavior: RenamesItself (1 IoC)
  PID 4720  750a45ffaa72f0acf325748edbf3bf35.exe

Suspicious use of UnmapMainImage (2 IoCs)
  PID 4720  750a45ffaa72f0acf325748edbf3bf35.exe
  PID 3768  750a45ffaa72f0acf325748edbf3bf35.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  Three events, all with the same source and target:
  PID 4720 (750a45ffaa72f0acf325748edbf3bf35.exe) wrote to memory of PID 3768 (750a45ffaa72f0acf325748edbf3bf35.exe)
Processes

C:\Users\Admin\AppData\Local\Temp\750a45ffaa72f0acf325748edbf3bf35.exe  (PID 4720)
  Command line: "C:\Users\Admin\AppData\Local\Temp\750a45ffaa72f0acf325748edbf3bf35.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\750a45ffaa72f0acf325748edbf3bf35.exe  (PID 3768, child of 4720)
    Command line: C:\Users\Admin\AppData\Local\Temp\750a45ffaa72f0acf325748edbf3bf35.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\Local\Temp\750a45ffaa72f0acf325748edbf3bf35.exe
  Filesize: 771KB
  MD5: 79868787657b2cabe954f276863c366e
  SHA1: 944664842952ac92bc937d09f0802a1fb0743e3f
  SHA256: f8a99771cc10a60c29f49a1a3381d383f24428f80cec0f206f0330525f319f4c
  SHA512: 0e54d4e27368872681c14127c86fb9790114a43c971b77cad6ef24a4d3e836cc030849489787e70a59131563b60ba47ec4b804b584bdbabd08a565fe137689de
  Note: same path and size as the submitted sample, but every hash differs from the General section above, so the file left on disk at the end of the run is not the submitted binary. Pivot on the hashes of both files when hunting.

Memory dumps (Filesize is the report's rounded value for the address range in the name):

memory/3768-13-0x0000000000400000-0x0000000000466000-memory.dmp  408KB
memory/3768-14-0x00000000014D0000-0x0000000001536000-memory.dmp  408KB
memory/3768-20-0x0000000004E90000-0x0000000004EEF000-memory.dmp  380KB
memory/3768-21-0x0000000000400000-0x000000000043C000-memory.dmp  240KB
memory/3768-32-0x0000000000400000-0x000000000040E000-memory.dmp  56KB
memory/3768-36-0x000000000C660000-0x000000000C69C000-memory.dmp  240KB
memory/3768-38-0x0000000000400000-0x000000000040E000-memory.dmp  56KB
memory/4720-0-0x0000000000400000-0x0000000000466000-memory.dmp  408KB
memory/4720-1-0x00000000015D0000-0x0000000001636000-memory.dmp  408KB
memory/4720-2-0x0000000000400000-0x000000000045F000-memory.dmp  380KB
memory/4720-11-0x0000000000400000-0x000000000045F000-memory.dmp  380KB
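The memory-dump listing carries more than file sizes: the base address 0x400000 is dumped several times per PID at different sizes, which is the footprint you expect next to the UnmapMainImage signature recorded for both processes. The script below is an added example, not code from the sandbox vendor or the report. It parses dump names of the form seen above (memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp, a pattern assumed from this page), checks that each reported size matches its address range, and lists the PIDs whose region at the image base was re-dumped smaller later in the run. The dump names and sizes embedded in it are copied from the listing above; the name format and the KB = 1024 bytes convention are assumptions.

```python
"""Sanity-check a sandbox memory-dump listing (added example, not the sandbox's own code)."""
import re
from collections import defaultdict

# Dump names and reported sizes copied from the Downloads section of the report.
DUMPS = [
    ("memory/3768-13-0x0000000000400000-0x0000000000466000-memory.dmp", "408KB"),
    ("memory/3768-14-0x00000000014D0000-0x0000000001536000-memory.dmp", "408KB"),
    ("memory/3768-20-0x0000000004E90000-0x0000000004EEF000-memory.dmp", "380KB"),
    ("memory/3768-21-0x0000000000400000-0x000000000043C000-memory.dmp", "240KB"),
    ("memory/3768-32-0x0000000000400000-0x000000000040E000-memory.dmp", "56KB"),
    ("memory/3768-36-0x000000000C660000-0x000000000C69C000-memory.dmp", "240KB"),
    ("memory/3768-38-0x0000000000400000-0x000000000040E000-memory.dmp", "56KB"),
    ("memory/4720-0-0x0000000000400000-0x0000000000466000-memory.dmp", "408KB"),
    ("memory/4720-1-0x00000000015D0000-0x0000000001636000-memory.dmp", "408KB"),
    ("memory/4720-2-0x0000000000400000-0x000000000045F000-memory.dmp", "380KB"),
    ("memory/4720-11-0x0000000000400000-0x000000000045F000-memory.dmp", "380KB"),
]

# Assumed name format: memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
NAME_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
SIZE_RE = re.compile(r"^(\d+)\s*(B|KB|MB)$")
UNIT = {"B": 1, "KB": 1024, "MB": 1024 * 1024}  # assumption: report KB means 1024 bytes


def parse_dump_name(name):
    """Split a dump name into pid, sequence number, address range and byte size."""
    m = NAME_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def parse_reported_size(text):
    """Convert a report size string such as '408KB' to bytes."""
    m = SIZE_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised size: {text}")
    return int(m.group(1)) * UNIT[m.group(2)]


def size_mismatches(dumps):
    """Entries whose address range disagrees with the reported size by 1 KiB or more.

    The report rounds to whole kilobytes, so differences under 1 KiB are noise."""
    out = []
    for name, reported in dumps:
        computed = parse_dump_name(name)["size"]
        expected = parse_reported_size(reported)
        if abs(computed - expected) >= 1024:
            out.append((name, computed, expected))
    return out


def base_history(dumps, base):
    """Per PID, the sizes of every dump that starts at `base`, in sequence order."""
    hist = defaultdict(list)
    for name, _ in dumps:
        d = parse_dump_name(name)
        if d["start"] == base:
            hist[d["pid"]].append((d["seq"], d["size"]))
    return {pid: [size for _, size in sorted(entries)] for pid, entries in hist.items()}


def shrinking_image_bases(dumps, base=0x400000):
    """PIDs whose region at `base` was later dumped with a smaller size.

    A main image that reappears smaller at the same base is the dump-list
    footprint of the image being unmapped and something else mapped in its
    place, which is what the UnmapMainImage signature points at."""
    flagged = {}
    for pid, sizes in base_history(dumps, base).items():
        if any(later < earlier for earlier, later in zip(sizes, sizes[1:])):
            flagged[pid] = sizes
    return flagged


if __name__ == "__main__":
    print("size mismatches:", size_mismatches(DUMPS))
    for pid, sizes in sorted(shrinking_image_bases(DUMPS).items()):
        print(f"PID {pid}: base 0x400000 dumped at sizes {[hex(s) for s in sizes]}")
```

Run against the listing above, every reported size matches its address range exactly, and both 4720 and 3768 are flagged: the parent goes 0x66000 to 0x5F000 at 0x400000, the child goes 0x66000 to 0x3C000 to 0xE000, matching the two UnmapMainImage IoCs in the Signatures section. When a report's numbers disagree with the dump names, trust the names; they are generated from the actual region boundaries.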