Analysis
max time kernel: 88s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/01/2024, 11:05
Static task: static1
Behavioral task: behavioral1
  Sample: 7cf4cfa723867c10ab9601132839627b.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 7cf4cfa723867c10ab9601132839627b.exe
  Resource: win10v2004-20231222-en
General
Target: 7cf4cfa723867c10ab9601132839627b.exe
Size: 385KB
MD5: 7cf4cfa723867c10ab9601132839627b
SHA1: 2038b92f05d15354d0035f8977f589c3fee66681
SHA256: a85eea8da1a6f8ec1d96a61acc36d25417932c65f40c8cba9bc4184bf7fe7670
SHA512: e1ec879a8ee0d899b50980570cb8e6bd32c6b43da6e5e102c8dcdf3255a4ca8a9ac07d461266302d03fac1b33ca36e7033b33f94e21850973dcb02d19b5c6aec
SSDEEP: 6144:F6U8oUowzNamOHKr2RDkN67pRHkbvRymT9bSrhasrMGgfeHGB:xFUowzY5qr2DpWZKha3GguGB
Malware Config
Signatures
Deletes itself (1 IoC)
  pid   Process
  2812  7cf4cfa723867c10ab9601132839627b.exe

Executes dropped EXE (1 IoC)
  pid   Process
  2812  7cf4cfa723867c10ab9601132839627b.exe

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  flow  ioc
  3     pastebin.com
  4     pastebin.com

Suspicious behavior: RenamesItself (1 IoC)
  pid   Process
  2180  7cf4cfa723867c10ab9601132839627b.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  2180  7cf4cfa723867c10ab9601132839627b.exe
  2812  7cf4cfa723867c10ab9601132839627b.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                                procid_target
  PID 2180 wrote to memory of 2812   2180  7cf4cfa723867c10ab9601132839627b.exe  32
  PID 2180 wrote to memory of 2812   2180  7cf4cfa723867c10ab9601132839627b.exe  32
  PID 2180 wrote to memory of 2812   2180  7cf4cfa723867c10ab9601132839627b.exe  32
Processes
Level 1: C:\Users\Admin\AppData\Local\Temp\7cf4cfa723867c10ab9601132839627b.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\7cf4cfa723867c10ab9601132839627b.exe"
  PID: 2180
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory

  Level 2: C:\Users\Admin\AppData\Local\Temp\7cf4cfa723867c10ab9601132839627b.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\7cf4cfa723867c10ab9601132839627b.exe
    PID: 2812
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 174KB
MD5: dc06638aea98611fbd5161de9a489d5d
SHA1: 129eff2a73d7927342384b0b43a224e9b4a91ee3
SHA256: d386b9993e77cfac6bfa0de9c2ff5d45d6c9d2c2781ff4164985bdc8cac04df6
SHA512: 18b87981dea181b9046ca00e5789c45b6ee8e2e162f53da6a8cdbb65a06eea2ba7be6fee39cf97d01469559aad25c2f8fc642165bce9927036919c834af975b6