Analysis
max time kernel: 120s
max time network: 127s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 28/01/2024, 22:58
Behavioral task: behavioral1
  Sample: 7e3add20dfc848c75d0255d724f5946c.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 7e3add20dfc848c75d0255d724f5946c.exe
  Resource: win10v2004-20231215-en
General
Target: 7e3add20dfc848c75d0255d724f5946c.exe
Size: 5.8MB
MD5: 7e3add20dfc848c75d0255d724f5946c
SHA1: 8f30a964fdd3c7ffe585cc3564ac1e77862daed8
SHA256: 672d689dbfa1b4a3ce68444c0bda9ebbd7b4d6289a17887ebc60d8913c1965f6
SHA512: b976015c0d7d10522c9e38e8459f0079749b9d135373b94c56babe70657ede70c165093f348684fb12bd6bafb127c5147334d69f1a739b9b72fcb14738880c57
SSDEEP: 98304:rwonZXuHOtruvshvWsHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNQ:04riv2fauq1jI86FA7y2auq1jI86
Signatures
Deletes itself (1 IoC)
  pid: 2172  process: 7e3add20dfc848c75d0255d724f5946c.exe
Executes dropped EXE (1 IoC)
  pid: 2172  process: 7e3add20dfc848c75d0255d724f5946c.exe
Loads dropped DLL (1 IoC)
  pid: 2052  process: 7e3add20dfc848c75d0255d724f5946c.exe
YARA rule matches (resource / yara_rule)
  behavioral1/memory/2052-0-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral1/files/0x000b000000012262-10.dat  upx
  behavioral1/memory/2172-16-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral1/files/0x000b000000012262-15.dat  upx
Suspicious behavior: RenamesItself (1 IoC)
  pid: 2052  process: 7e3add20dfc848c75d0255d724f5946c.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid: 2052  process: 7e3add20dfc848c75d0255d724f5946c.exe
  pid: 2172  process: 7e3add20dfc848c75d0255d724f5946c.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2052 wrote to memory of 2172  pid: 2052  process: 7e3add20dfc848c75d0255d724f5946c.exe  procid_target: 28
  description: PID 2052 wrote to memory of 2172  pid: 2052  process: 7e3add20dfc848c75d0255d724f5946c.exe  procid_target: 28
  description: PID 2052 wrote to memory of 2172  pid: 2052  process: 7e3add20dfc848c75d0255d724f5946c.exe  procid_target: 28
  description: PID 2052 wrote to memory of 2172  pid: 2052  process: 7e3add20dfc848c75d0255d724f5946c.exe  procid_target: 28
Processes
C:\Users\Admin\AppData\Local\Temp\7e3add20dfc848c75d0255d724f5946c.exe (PID: 2052, depth 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\7e3add20dfc848c75d0255d724f5946c.exe"
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\7e3add20dfc848c75d0255d724f5946c.exe (PID: 2172, depth 2)
    command line: C:\Users\Admin\AppData\Local\Temp\7e3add20dfc848c75d0255d724f5946c.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Downloads
Filesize: 2.1MB
MD5: ca1354d074f60eac8fbbba704d7033ce
SHA1: fa4fc3d369fc782e5488f23cea7d446bf00f9a02
SHA256: c8b50dcf647e7ef44bab6290d39fd593aca608cfb84dc0d4bafd6845ec2d743c
SHA512: fed876e0c5f09916f8c17fd35148b4206bc453bc515b70c2daf19f72ab6332d7a7b0b7108819b59bd2dff6b5e5efa41a5307e428fa7e85828a13608bb1006939

Filesize: 2.6MB
MD5: cca3b092b9b8df9cc1633e43ca67f5aa
SHA1: bd1e0768bef9e8cafd7d47a5cf571589e5d1035c
SHA256: bc0c7b6f1494df2721e0b546af909b7690ed1adf078551f3ae3014393896c70e
SHA512: ca57462b5554e4511a85833d2dfa0788dc43570f2390dfb7b5c1a21baea40248380c451be252b7969cc8fb89be8462360a3f0b39854ed1148d299b9dfd82961b