24bcb43b9a4bf453c45df1afa4862bbed6627c44db7523c414a52343cdaaa607

Analysis

max time kernel
151s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86e085819ea58af12d156c3a71b3e7c7.exe
Size

907KB
MD5

86e085819ea58af12d156c3a71b3e7c7
SHA1

718881b950ca5cb7f91076b53653a7a6a9992bb1
SHA256

24bcb43b9a4bf453c45df1afa4862bbed6627c44db7523c414a52343cdaaa607
SHA512

737cf6a4a241e56ce7ae7173a1257a6ad2771da9ab6dde0c7f1652b66cd90c842c44ce454e42a5737d57b2b4ae747a0de0c478d3a52ade77fbbf9b37f8d2b4c1
SSDEEP

12288:ewSbrMltg8hRRLSe3LjkNqXTHoU0LqmL+J5m5EA/EGsQaAVs4zShnlwJb+1jVDaq:hK4ltZhRROxQYqmL+JG/EU2fa/ZS1

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2620	86e085819ea58af12d156c3a71b3e7c7.exe

Executes dropped EXE 1 IoCs

pid	Process
2620	86e085819ea58af12d156c3a71b3e7c7.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	pastebin.com
9	pastebin.com

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3412	86e085819ea58af12d156c3a71b3e7c7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3412	86e085819ea58af12d156c3a71b3e7c7.exe
2620	86e085819ea58af12d156c3a71b3e7c7.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3412 wrote to memory of 2620	3412	86e085819ea58af12d156c3a71b3e7c7.exe	85
PID 3412 wrote to memory of 2620	3412	86e085819ea58af12d156c3a71b3e7c7.exe	85
PID 3412 wrote to memory of 2620	3412	86e085819ea58af12d156c3a71b3e7c7.exe	85

C:\Users\Admin\AppData\Local\Temp\86e085819ea58af12d156c3a71b3e7c7.exe
"C:\Users\Admin\AppData\Local\Temp\86e085819ea58af12d156c3a71b3e7c7.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3412
- C:\Users\Admin\AppData\Local\Temp\86e085819ea58af12d156c3a71b3e7c7.exe
  C:\Users\Admin\AppData\Local\Temp\86e085819ea58af12d156c3a71b3e7c7.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\86e085819ea58af12d156c3a71b3e7c7.exe

Filesize
907KB

MD5
5c1c6bee338ce20497ff773f95baa238

SHA1
72267afb31d9ca2f35a2f493a67aeca1127a8bda

SHA256
dbc4e915a1495f287f9a3248591124af155351f6a5c914a8b28b548bbe39b18f

SHA512
064308fb4feefee4e4be61647a0582469bb84796229e8341347efe9bc456b9d1563ad706728dc95401138051b7da9ba1ed9c7cd74fb9bfd265376e6a105a3403

Download Submit
memory/2620-13-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2620-15-0x0000000001770000-0x0000000001858000-memory.dmp

Filesize
928KB

Download
memory/2620-20-0x0000000005190000-0x000000000524B000-memory.dmp

Filesize
748KB

Download
memory/2620-21-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/2620-30-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2620-32-0x000000000B800000-0x000000000B898000-memory.dmp

Filesize
608KB

Download
memory/3412-0-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3412-1-0x0000000001690000-0x0000000001778000-memory.dmp

Filesize
928KB

Download
memory/3412-2-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/3412-11-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download