Analysis
- max time kernel: 150s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-01-2024 17:11
- Static task: static1
- Behavioral task: behavioral1
- Sample: 750f2b6aa881f5c0d2a31594114ef012.exe
- Resource: win7-20231215-en
General
- Target: 750f2b6aa881f5c0d2a31594114ef012.exe
- Size: 385KB
- MD5: 750f2b6aa881f5c0d2a31594114ef012
- SHA1: 8cb45dc9517baf0922405a87c80b8ec5cb33608a
- SHA256: 3b7da21bdcd1e4771b9508a5c1d6d404ce1ddf1292be5869ef081f72cc0bdae3
- SHA512: 35c223e8353b75827a133909920d0d8e4bd9d9abfd2df563ea90f77e18fd273f6ddd4f9fb5a537ca486b3c4df4fd059c67325d696adc9550bf60ff4458b8ea7e
- SSDEEP: 12288:Igef29ChD/jb8Mv1u5/B7uHb5ashTq/S75B:NH9Chz/LcJ765/hTeSVB
Malware Config
(none extracted)

Signatures
- Deletes itself (1 IoC)
  Processes: PID 2204, 750f2b6aa881f5c0d2a31594114ef012.exe
- Executes dropped EXE (1 IoC)
  Processes: PID 2204, 750f2b6aa881f5c0d2a31594114ef012.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
- Suspicious behavior: RenamesItself (1 IoC)
  Processes: PID 3232, 750f2b6aa881f5c0d2a31594114ef012.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  Processes: PID 3232, 750f2b6aa881f5c0d2a31594114ef012.exe; PID 2204, 750f2b6aa881f5c0d2a31594114ef012.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (source PID -> target PID): PID 3232 (750f2b6aa881f5c0d2a31594114ef012.exe) wrote to memory of PID 2204 (750f2b6aa881f5c0d2a31594114ef012.exe), recorded three times
Processes
1. C:\Users\Admin\AppData\Local\Temp\750f2b6aa881f5c0d2a31594114ef012.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\750f2b6aa881f5c0d2a31594114ef012.exe"
   PID: 3232
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\750f2b6aa881f5c0d2a31594114ef012.exe (child of PID 3232)
      Command line: C:\Users\Admin\AppData\Local\Temp\750f2b6aa881f5c0d2a31594114ef012.exe
      PID: 2204
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
(no entries recorded)

MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Temp\750f2b6aa881f5c0d2a31594114ef012.exe
  Filesize: 385KB
  MD5: cc0d7e8b14d0097da97c69e5a949910b
  SHA1: 78721ad717ae4f0fa4de6b410345ffe35fd083d9
  SHA256: 64e60fc015f92b5cdb4d89841461bf06593ccd0ba93115721d87c3f30820a9aa
  SHA512: 010929972a689e9d4214c104e5a849f2b90d7ddb60ddbad124b9a12791c82c0e7a2cc7ccb82579e98d7c840688b24af9ee8ef8f4666f4d7d6e6d1139c8027afd

Memory dumps (PID, dump index, address range, size):
- memory/2204-13: 0x0000000000400000-0x0000000000466000, 408KB
- memory/2204-14: 0x0000000001470000-0x00000000014D6000, 408KB
- memory/2204-20: 0x0000000001600000-0x000000000165F000, 380KB
- memory/2204-21: 0x0000000000400000-0x000000000043C000, 240KB
- memory/2204-32: 0x000000000B600000-0x000000000B63C000, 240KB
- memory/2204-30: 0x0000000000400000-0x000000000040E000, 56KB
- memory/2204-36: 0x0000000000400000-0x000000000040E000, 56KB
- memory/3232-0: 0x0000000000400000-0x0000000000466000, 408KB
- memory/3232-1: 0x00000000014D0000-0x0000000001536000, 408KB
- memory/3232-2: 0x0000000000400000-0x000000000045F000, 380KB
- memory/3232-11: 0x0000000000400000-0x000000000045F000, 380KB