af4d0c5deb05760986ebd84be39a457dd9166e358f8155f1c4a0f61cdc9c4fde

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87b5cf9853b48d405292facce3fc4da0.exe
Size

3.3MB
MD5

87b5cf9853b48d405292facce3fc4da0
SHA1

c2050be78d739553546f69cb8ede3dfda8e4ee62
SHA256

af4d0c5deb05760986ebd84be39a457dd9166e358f8155f1c4a0f61cdc9c4fde
SHA512

d6f536ab2e06a32c13487c5b51ab0ca836891db4b3fd1653824fc789a2f9784af001378acbf99ca711bcba70bc56f0480dfbe33b1ad524dd90baef38e9ab5981
SSDEEP

49152:3cZWSDE/paoEemmUITHfgFPqmm326tM20X6AEbapgeikEafWRRL6SGk+426tMc:3clE4oxmmU+4dq/32k+6Ajme4afWRf2O

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3016	87b5cf9853b48d405292facce3fc4da0.exe

Executes dropped EXE 1 IoCs

pid	Process
3016	87b5cf9853b48d405292facce3fc4da0.exe

Loads dropped DLL 1 IoCs

pid	Process
2868	87b5cf9853b48d405292facce3fc4da0.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2868	87b5cf9853b48d405292facce3fc4da0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2868	87b5cf9853b48d405292facce3fc4da0.exe
3016	87b5cf9853b48d405292facce3fc4da0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 3016	2868	87b5cf9853b48d405292facce3fc4da0.exe	28
PID 2868 wrote to memory of 3016	2868	87b5cf9853b48d405292facce3fc4da0.exe	28
PID 2868 wrote to memory of 3016	2868	87b5cf9853b48d405292facce3fc4da0.exe	28
PID 2868 wrote to memory of 3016	2868	87b5cf9853b48d405292facce3fc4da0.exe	28

C:\Users\Admin\AppData\Local\Temp\87b5cf9853b48d405292facce3fc4da0.exe
"C:\Users\Admin\AppData\Local\Temp\87b5cf9853b48d405292facce3fc4da0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Users\Admin\AppData\Local\Temp\87b5cf9853b48d405292facce3fc4da0.exe
  C:\Users\Admin\AppData\Local\Temp\87b5cf9853b48d405292facce3fc4da0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\87b5cf9853b48d405292facce3fc4da0.exe

Filesize
763KB

MD5
9b46068e6316aa871150914b427c89a6

SHA1
597e21fccebed810e7552dfd4517dff507a4bd09

SHA256
9e550612e5f3fdabd20f83564d4925d273ccab13789645b148d2eaf31466c892

SHA512
2a7e1979aa84fad360d645eabf5a293a1c7b71d1338d2e7c17cb9d9ace85a890af0267407c3df73e24d6454dfbafd00ab97b54d19a2c8cd5c2c371b87cead25d

Download Submit
\Users\Admin\AppData\Local\Temp\87b5cf9853b48d405292facce3fc4da0.exe

Filesize
54KB

MD5
0e40c284656a5271446b953b2b0cbad4

SHA1
ebac96a7b0b156a6f91a485f62d4a0a9ba9db7bb

SHA256
8c19c81ac77fcae46acff67014cb5eb21c734b3eee55202440621d3fb4aa8f4a

SHA512
ce6f9becf2546a973c47a1ee42ea5120c2bebf6aca7d6ef8c3a8912e04753b21f2a55430bc49eb460eab8848f55ceb8f533ddc6807cdc4b21f7ee9ab12420641

Download Submit
memory/2868-0-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/2868-1-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/2868-2-0x0000000001DC0000-0x0000000002237000-memory.dmp

Filesize
4.5MB

Download
memory/2868-13-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/2868-16-0x0000000003D00000-0x0000000004177000-memory.dmp

Filesize
4.5MB

Download
memory/3016-15-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/3016-18-0x0000000001DB0000-0x0000000002227000-memory.dmp

Filesize
4.5MB

Download
memory/3016-20-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/3016-23-0x0000000000400000-0x0000000000640000-memory.dmp

Filesize
2.2MB

Download
memory/3016-25-0x0000000003870000-0x0000000003ABD000-memory.dmp

Filesize
2.3MB

Download