Analysis
- max time kernel: 137s
- max time network: 145s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-01-2024 17:43
Static task: static1
Behavioral task: behavioral1
- Sample: 751f73044d0b419d6ddb606917bb59ac.exe
- Resource: win7-20231215-en
General
- Target: 751f73044d0b419d6ddb606917bb59ac.exe
- Size: 385KB
- MD5: 751f73044d0b419d6ddb606917bb59ac
- SHA1: 20c19cff1d3a5b38cd5fe9725f84dad4fd065f5e
- SHA256: 85cdb11bbcb91fa874b5ff4eee8565d7f64421bc17965dbafc932e387397ad71
- SHA512: b8893a18922041cb3825f88f5cf3749aafbcb36ee0f0459251e1c770207833975fb69237782b948f8a32c39764e71d29368d7ad30925a462682edbe2a70cb69b
- SSDEEP: 6144:NcXKbTgeHqR6t3AFVZFv7c6j2R5EmKblrvM/wBQb+RHSgJKQfJWCB:NweHKBZF1YZIlSPwHSgJdfJWCB
Malware Config
Signatures
- Deletes itself (1 IoC)
  Processes: PID 1152 751f73044d0b419d6ddb606917bb59ac.exe
- Executes dropped EXE (1 IoC)
  Processes: PID 1152 751f73044d0b419d6ddb606917bb59ac.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
- Suspicious behavior: RenamesItself (1 IoC)
  Processes: PID 772 751f73044d0b419d6ddb606917bb59ac.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  Processes: PID 772 751f73044d0b419d6ddb606917bb59ac.exe; PID 1152 751f73044d0b419d6ddb606917bb59ac.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (source PID and process, target PID and process):
  - PID 772 751f73044d0b419d6ddb606917bb59ac.exe wrote to memory of PID 1152 751f73044d0b419d6ddb606917bb59ac.exe
  - PID 772 751f73044d0b419d6ddb606917bb59ac.exe wrote to memory of PID 1152 751f73044d0b419d6ddb606917bb59ac.exe
  - PID 772 751f73044d0b419d6ddb606917bb59ac.exe wrote to memory of PID 1152 751f73044d0b419d6ddb606917bb59ac.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\751f73044d0b419d6ddb606917bb59ac.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\751f73044d0b419d6ddb606917bb59ac.exe"
  PID: 772
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\751f73044d0b419d6ddb606917bb59ac.exe (depth 2, child of PID 772)
    Command line: C:\Users\Admin\AppData\Local\Temp\751f73044d0b419d6ddb606917bb59ac.exe
    PID: 1152
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 385KB
- MD5: 872e70cb448f13b8270b919f96f23d94
- SHA1: d84d7db54c843844ceea06f917dd247c4f6c7c65
- SHA256: 6045c6ae9e6d4d0142d2d5ad09e21d0a989b7ab29d1602ec47cad395660336ac
- SHA512: eb32434c7518d0fe7707ea5a3b1a5d53096ec6552677dd817e1a3b9f7b07d4968f9f2dd65d09ad82bc89e8ab83e8650afa4379bc0874253c1f3be6f428677698