8b9d15b0abd9ebfe7bc5f29df3b7a2c04fc8e58330e1bea45e95f47a29dde793

Analysis

max time kernel
86s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2024, 02:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7900455766a83a2a732f6d24ff676133.exe
Size

907KB
MD5

7900455766a83a2a732f6d24ff676133
SHA1

944f9b0f46eb94704b8f1dec00d019ea4ed02504
SHA256

8b9d15b0abd9ebfe7bc5f29df3b7a2c04fc8e58330e1bea45e95f47a29dde793
SHA512

1a1da77a462fca3aade36a5bfc0038a7b90f64ceb459d0118b70940648e8c312ff1b518b054a2851dbdd3943e73b3a9847d1a47360755a75e6658a43cbcc12a1
SSDEEP

12288:DlgSU/6hirc8fhizm7dIShJfbH8U4WWNdhWjYsldfQ8mwe/E+n/e0u/ZZXjVDa/S:Dlg0uclqRIcbgrNdgddARe0u/7Va/ZS1

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3704	7900455766a83a2a732f6d24ff676133.exe

Executes dropped EXE 1 IoCs

pid	Process
3704	7900455766a83a2a732f6d24ff676133.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	pastebin.com
7	pastebin.com

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1136	7900455766a83a2a732f6d24ff676133.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1136	7900455766a83a2a732f6d24ff676133.exe
3704	7900455766a83a2a732f6d24ff676133.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 3704	1136	7900455766a83a2a732f6d24ff676133.exe	89
PID 1136 wrote to memory of 3704	1136	7900455766a83a2a732f6d24ff676133.exe	89
PID 1136 wrote to memory of 3704	1136	7900455766a83a2a732f6d24ff676133.exe	89

C:\Users\Admin\AppData\Local\Temp\7900455766a83a2a732f6d24ff676133.exe
"C:\Users\Admin\AppData\Local\Temp\7900455766a83a2a732f6d24ff676133.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Users\Admin\AppData\Local\Temp\7900455766a83a2a732f6d24ff676133.exe
  C:\Users\Admin\AppData\Local\Temp\7900455766a83a2a732f6d24ff676133.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7900455766a83a2a732f6d24ff676133.exe

Filesize
907KB

MD5
8481491e63804c3464f2c4c45a933874

SHA1
dafeab52161201b0e05540d1a1d4af110cbc2de3

SHA256
c562f91322b45f3d5196d688f47be0ea38c9cfd6869f4f426d7277b50a08cae9

SHA512
6ba430650b10d5f4966c18a882139845a9a38836063b9b322a5dfe4ec7207da2884de9dfbae8bbfb657587bd971f074b3820fd5d292e4de028b4d2021ac8f2b4

Download Submit
memory/1136-0-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1136-1-0x0000000001710000-0x00000000017F8000-memory.dmp

Filesize
928KB

Download
memory/1136-2-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/1136-11-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/3704-13-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3704-16-0x00000000017E0000-0x00000000018C8000-memory.dmp

Filesize
928KB

Download
memory/3704-21-0x0000000005070000-0x000000000512B000-memory.dmp

Filesize
748KB

Download
memory/3704-20-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/3704-30-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3704-36-0x000000000C840000-0x000000000C8D8000-memory.dmp

Filesize
608KB

Download