Analysis
- max time kernel: 151s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/01/2024, 22:58
Behavioral task: behavioral1
- Sample: 7e3add20dfc848c75d0255d724f5946c.exe
- Resource: win7-20231215-en

Behavioral task: behavioral2
- Sample: 7e3add20dfc848c75d0255d724f5946c.exe
- Resource: win10v2004-20231215-en
General
- Target: 7e3add20dfc848c75d0255d724f5946c.exe
- Size: 5.8MB
- MD5: 7e3add20dfc848c75d0255d724f5946c
- SHA1: 8f30a964fdd3c7ffe585cc3564ac1e77862daed8
- SHA256: 672d689dbfa1b4a3ce68444c0bda9ebbd7b4d6289a17887ebc60d8913c1965f6
- SHA512: b976015c0d7d10522c9e38e8459f0079749b9d135373b94c56babe70657ede70c165093f348684fb12bd6bafb127c5147334d69f1a739b9b72fcb14738880c57
- SSDEEP: 98304:rwonZXuHOtruvshvWsHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNQ:04riv2fauq1jI86FA7y2auq1jI86
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 644, process 7e3add20dfc848c75d0255d724f5946c.exe
- Executes dropped EXE (1 IoCs)
  pid 644, process 7e3add20dfc848c75d0255d724f5946c.exe
- YARA rule matches (resource / yara_rule)
  behavioral2/memory/4776-0-0x0000000000400000-0x00000000008EF000-memory.dmp / upx
  behavioral2/files/0x0006000000023218-11.dat / upx
  behavioral2/memory/644-13-0x0000000000400000-0x00000000008EF000-memory.dmp / upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 4776, process 7e3add20dfc848c75d0255d724f5946c.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 4776, process 7e3add20dfc848c75d0255d724f5946c.exe
  pid 644, process 7e3add20dfc848c75d0255d724f5946c.exe
- Suspicious use of WriteProcessMemory (3 IoCs; description / pid / process / procid_target)
  PID 4776 wrote to memory of 644 / 4776 / 7e3add20dfc848c75d0255d724f5946c.exe / 84
  PID 4776 wrote to memory of 644 / 4776 / 7e3add20dfc848c75d0255d724f5946c.exe / 84
  PID 4776 wrote to memory of 644 / 4776 / 7e3add20dfc848c75d0255d724f5946c.exe / 84
Processes
- C:\Users\Admin\AppData\Local\Temp\7e3add20dfc848c75d0255d724f5946c.exe (PID 4776)
  command line: "C:\Users\Admin\AppData\Local\Temp\7e3add20dfc848c75d0255d724f5946c.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - child: C:\Users\Admin\AppData\Local\Temp\7e3add20dfc848c75d0255d724f5946c.exe (PID 644)
    command line: C:\Users\Admin\AppData\Local\Temp\7e3add20dfc848c75d0255d724f5946c.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.1MB
- MD5: 1ba9a3131bfe9c9f56955e9e9154d124
- SHA1: b5c35c499b9e306b7bbba88385c2fc6a13499ff6
- SHA256: c0452add3f5763ec09de6f2b102f6736b9adefe6cd0da510e6e27412494314db
- SHA512: da2ebcb849642e93135aaa7ae8e1aebf9cb98b59c516f61ebb04724d2eca33ba3446017915d4f2b22101e91106ea5e6e0aa7fa0aa3587060288f3473dea2c7cf