Analysis
max time kernel: 141s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26-01-2024 10:32
Static task: static1
Behavioral task: behavioral1
  Sample: 771f8026e14e9bc1c299cdbfc0b2dc7e.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 771f8026e14e9bc1c299cdbfc0b2dc7e.exe
  Resource: win10v2004-20231215-en
General
Target: 771f8026e14e9bc1c299cdbfc0b2dc7e.exe
Size: 771KB
MD5: 771f8026e14e9bc1c299cdbfc0b2dc7e
SHA1: e57d8c79d0e35b85bcac4083c7e5ceab50dc15ff
SHA256: 37f45172ad98f1d52d5cabd9312b4c735215b431fbe65e5587df9fe58ca5a298
SHA512: ff36e7322c0973d510056007daf23d73e6de907c07ad5e5dc82c4edda9686cae5b67d959b21f72a2422c7e9eb4e257ad4e77dc76a3db5f83f7ca71d630db235a
SSDEEP: 24576:KfY8HvDVLHBZhf5b10hJaothZ2/T6FBBB:YPxzbRl/ofT
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 4668, Process 771f8026e14e9bc1c299cdbfc0b2dc7e.exe
- Executes dropped EXE (1 IoC)
  pid 4668, Process 771f8026e14e9bc1c299cdbfc0b2dc7e.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  flow 7, ioc pastebin.com
  flow 8, ioc pastebin.com
- Suspicious behavior: RenamesItself (1 IoC)
  pid 4436, Process 771f8026e14e9bc1c299cdbfc0b2dc7e.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 4436, Process 771f8026e14e9bc1c299cdbfc0b2dc7e.exe
  pid 4668, Process 771f8026e14e9bc1c299cdbfc0b2dc7e.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4436 wrote to memory of 4668 | 4436 | 771f8026e14e9bc1c299cdbfc0b2dc7e.exe | 87
  PID 4436 wrote to memory of 4668 | 4436 | 771f8026e14e9bc1c299cdbfc0b2dc7e.exe | 87
  PID 4436 wrote to memory of 4668 | 4436 | 771f8026e14e9bc1c299cdbfc0b2dc7e.exe | 87
Processes
1. C:\Users\Admin\AppData\Local\Temp\771f8026e14e9bc1c299cdbfc0b2dc7e.exe (PID 4436)
   Command line: "C:\Users\Admin\AppData\Local\Temp\771f8026e14e9bc1c299cdbfc0b2dc7e.exe"
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\771f8026e14e9bc1c299cdbfc0b2dc7e.exe (PID 4668, child of 4436)
      Command line: C:\Users\Admin\AppData\Local\Temp\771f8026e14e9bc1c299cdbfc0b2dc7e.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage

Read together, the chain is: the first instance (4436) renames itself, starts a second instance from the original path, and writes into that child's memory; the child (4668) is flagged as a dropped executable, unmaps its main image, and deletes a file. That shape is the one usually associated with process hollowing or self-replacement by a loader. The sandbox signatures are heuristics, so confirm with a memory dump of 4668 and with the hashes of the dropped file before treating the classification as definitive.
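The following is an added example, not part of the sandbox report: it parses the "wrote to memory of" IoC lines and the per-process signature list in the form shown above into a small process graph and flags the parent-writes-into-same-image-child pattern. The input lines and the pid-to-signature mapping are constructed here from the report text; the field layout assumed for the IoC lines (PID, target pid, pid, image, procid_target) is taken from the table above and is an assumption about how other reports are laid out.

```python
"""Reconstruct the process chain from sandbox IoC lines and flag the
self-spawn + WriteProcessMemory + UnmapMainImage pattern.

Added example; the input data below is constructed from the report text."""
import re
from collections import defaultdict

# Constructed copy of the report's "Suspicious use of WriteProcessMemory" rows.
WRITE_EVENTS = [
    "PID 4436 wrote to memory of 4668 4436 771f8026e14e9bc1c299cdbfc0b2dc7e.exe 87",
    "PID 4436 wrote to memory of 4668 4436 771f8026e14e9bc1c299cdbfc0b2dc7e.exe 87",
    "PID 4436 wrote to memory of 4668 4436 771f8026e14e9bc1c299cdbfc0b2dc7e.exe 87",
]

# Constructed from the process tree: pid -> signatures attached to that process.
PROCESS_SIGS = {
    4436: {"RenamesItself", "UnmapMainImage", "WriteProcessMemory"},
    4668: {"Deletes itself", "Executes dropped EXE", "UnmapMainImage"},
}

# Constructed from the process tree: pid -> image path it was started from.
PROCESS_IMAGE = {
    4436: r"C:\Users\Admin\AppData\Local\Temp\771f8026e14e9bc1c299cdbfc0b2dc7e.exe",
    4668: r"C:\Users\Admin\AppData\Local\Temp\771f8026e14e9bc1c299cdbfc0b2dc7e.exe",
}

# Assumed layout: "PID <src> wrote to memory of <dst> <pid> <image> <procid_target>"
WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_write_events(lines):
    """Return {(src_pid, dst_pid): count} from WriteProcessMemory IoC lines.

    Lines that do not match the assumed layout are skipped rather than
    guessed at, so a malformed row cannot create a bogus edge."""
    counts = defaultdict(int)
    for line in lines:
        m = WRITE_RE.search(line)
        if not m:
            continue
        src, dst = int(m.group(1)), int(m.group(2))
        counts[(src, dst)] += 1
    return dict(counts)


def flag_self_injection(write_counts, sigs, images):
    """Flag (parent, child) pairs where a process writes into a different
    process that runs the same image path and at least one side shows
    UnmapMainImage. Same image + cross-process write + unmapped main image
    is the hollowing / self-replacement shape; the extra fields record the
    supporting indicators so an analyst can weigh them."""
    findings = []
    for (src, dst), n in write_counts.items():
        if src == dst:
            continue  # a process writing to itself is not injection
        same_image = images.get(src) is not None and images.get(src) == images.get(dst)
        combined = sigs.get(src, set()) | sigs.get(dst, set())
        unmapped = "UnmapMainImage" in combined
        if same_image and unmapped:
            findings.append({
                "parent": src,
                "child": dst,
                "writes": n,
                "child_deletes_itself": "Deletes itself" in sigs.get(dst, set()),
                "parent_renamed": "RenamesItself" in sigs.get(src, set()),
            })
    return findings


def report_findings():
    """Run the check over the constructed data from this report."""
    return flag_self_injection(parse_write_events(WRITE_EVENTS), PROCESS_SIGS, PROCESS_IMAGE)


if __name__ == "__main__":
    for f in report_findings():
        print(f"parent {f['parent']} -> child {f['child']}: {f['writes']} write(s), "
              f"child deletes itself={f['child_deletes_itself']}, "
              f"parent renamed={f['parent_renamed']}")
```

The check deliberately requires both the shared image path and an UnmapMainImage hit: a parent writing into a child alone is common in legitimate software (debuggers, installers), and the same-path spawn alone is what any self-updating program does. Feed it the rows of a different report by replacing the three constructed inputs.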
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 771KB
MD5: a443db9e6c62112b3835ea68be484944
SHA1: 6e260981b4b65b0c51a5e812fcf84a9c86d73468
SHA256: a38528526a0a5e619276214d8e8a40d3b964bbc0cdac5d90561894e08e2a3cef
SHA512: 8fa3c36cc01a178faad18b9210b5eb5b8a8d60150615bdb2456f70b5d616f3f3c2b4d277c232619cbf5fa39122a5202a6a1276c6bb6f66808c7fd6e27e46b7c2

This artifact has the same size as the submitted sample (771KB) but different hashes, so it is a distinct binary from the one listed under General; pivot on its hashes separately rather than on the sample's.