Analysis
max time kernel: 136s
max time network: 158s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted: 29/01/2024, 09:53
Static task
static1
Behavioral task
behavioral1
Sample
7f8983de7aaa0dc9f1e5781af61331cd.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
7f8983de7aaa0dc9f1e5781af61331cd.exe
Resource
win10v2004-20231215-en
General
Target: 7f8983de7aaa0dc9f1e5781af61331cd.exe
Size: 105KB
MD5: 7f8983de7aaa0dc9f1e5781af61331cd
SHA1: 2ee2b0720c11e919cd66eb7db78de3721bf608a8
SHA256: ab16140a9c9de8dec3bc36cf0bb7b28847f8f6a15bf229231245f1c0b64eec2c
SHA512: 031ff4391f5b65a19f2499ba8296744fc89f4752c21b15cbbeeab60371e2e7234abc381e0e00275625615f43680042cd4f2eb7bd00c81812c7ba48b2fc7d134b
SSDEEP: 3072:ToIxvIG98kc6OdwGEnqrO8voEIMxtRdj9RApW9i:MGIG9U66wGEn6O8vRtD9RAY4
Malware Config
Signatures
Deletes itself 1 IoCs
pid | Process
3924 | 7f8983de7aaa0dc9f1e5781af61331cd.exe
Executes dropped EXE 1 IoCs
pid | Process
3924 | 7f8983de7aaa0dc9f1e5781af61331cd.exe
Suspicious behavior: RenamesItself 1 IoCs
pid | Process
1844 | 7f8983de7aaa0dc9f1e5781af61331cd.exe
Suspicious use of UnmapMainImage 2 IoCs
pid | Process
1844 | 7f8983de7aaa0dc9f1e5781af61331cd.exe
3924 | 7f8983de7aaa0dc9f1e5781af61331cd.exe
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 1844 wrote to memory of 3924 | 1844 | 7f8983de7aaa0dc9f1e5781af61331cd.exe | 84
PID 1844 wrote to memory of 3924 | 1844 | 7f8983de7aaa0dc9f1e5781af61331cd.exe | 84
PID 1844 wrote to memory of 3924 | 1844 | 7f8983de7aaa0dc9f1e5781af61331cd.exe | 84
Processes
C:\Users\Admin\AppData\Local\Temp\7f8983de7aaa0dc9f1e5781af61331cd.exe "C:\Users\Admin\AppData\Local\Temp\7f8983de7aaa0dc9f1e5781af61331cd.exe" 1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1844
C:\Users\Admin\AppData\Local\Temp\7f8983de7aaa0dc9f1e5781af61331cd.exe C:\Users\Admin\AppData\Local\Temp\7f8983de7aaa0dc9f1e5781af61331cd.exe 2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:3924
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 105KB
MD5: 104e71caf17df1758c7c2a3696d5a385
SHA1: d1e8cdd3763da08fcbcf471f256e93433eb5724d
SHA256: b2fef7c2b1e92631993f6b38c4c4c81e4d1a19de6323b67e95eb076124a5ebee
SHA512: 898c4c85a71160bbd1b600b7284795c6e61b64c2a562d728a0c91013ecaf345fa9ad3450adb1befaf3d0f6392a298ea71292ac5239ebcc0ea62b5ec00bae6f04