Analysis
- max time kernel: 90s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03-02-2024 17:58
Behavioral task: behavioral1
- Sample: 8cfa9a6eeacd95084c96d1bcf12ceed1.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 8cfa9a6eeacd95084c96d1bcf12ceed1.exe
- Resource: win10v2004-20231222-en
General
- Target: 8cfa9a6eeacd95084c96d1bcf12ceed1.exe
- Size: 2.7MB
- MD5: 8cfa9a6eeacd95084c96d1bcf12ceed1
- SHA1: 4e1f5b7ba3fa332c00103bab93640fd194857d41
- SHA256: 1cf6e2846db9b1a1954626e3dd04bb7788f5843c5c4cb45d619e80be7ed18080
- SHA512: 1c3c0c98e223eb979faf03ac553e6faec746bffea79e3c66fdf559df376097a2326d04587c9372bcb3ae1cdd8d6d531c60ede496958890216310dd299b77da73
- SSDEEP: 49152:vQfii6LXqDMldHs9xzIvwCsO7XygRhZ1Bonf:vM6TwMldHszzvqbyMhZ4f
Malware Config
Signatures
- Deletes itself (1 IoCs)
    pid   Process
    3328  8cfa9a6eeacd95084c96d1bcf12ceed1.exe
- Executes dropped EXE (1 IoCs)
    pid   Process
    3328  8cfa9a6eeacd95084c96d1bcf12ceed1.exe
- YARA rule matches
    resource                                                                     yara_rule
    behavioral2/memory/1312-0-0x0000000000400000-0x000000000086A000-memory.dmp  upx
    behavioral2/files/0x00070000000231fc-12.dat                                  upx
- Suspicious behavior: RenamesItself (1 IoCs)
    pid   Process
    1312  8cfa9a6eeacd95084c96d1bcf12ceed1.exe
- Suspicious use of UnmapMainImage (2 IoCs)
    pid   Process
    1312  8cfa9a6eeacd95084c96d1bcf12ceed1.exe
    3328  8cfa9a6eeacd95084c96d1bcf12ceed1.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
    description                        pid   Process                               procid_target
    PID 1312 wrote to memory of 3328   1312  8cfa9a6eeacd95084c96d1bcf12ceed1.exe  87
    PID 1312 wrote to memory of 3328   1312  8cfa9a6eeacd95084c96d1bcf12ceed1.exe  87
    PID 1312 wrote to memory of 3328   1312  8cfa9a6eeacd95084c96d1bcf12ceed1.exe  87
Processes
- C:\Users\Admin\AppData\Local\Temp\8cfa9a6eeacd95084c96d1bcf12ceed1.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\8cfa9a6eeacd95084c96d1bcf12ceed1.exe"
  Depth: 1
  PID: 1312
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\8cfa9a6eeacd95084c96d1bcf12ceed1.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\8cfa9a6eeacd95084c96d1bcf12ceed1.exe
    Depth: 2
    PID: 3328
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Downloads
- Filesize: 214KB
  MD5: 01e9b8710fb7855c1a4af93340a00cd3
  SHA1: d8034bdab4cb18a39d12c35a0a653c0a5798bd44
  SHA256: 9f41f99cbc48caec35742f00c967f0a374f51cb88d8839756399c34c95431bbe
  SHA512: 4de3c244b98ad699796bd6fc9c0ca581a0819e42dff8b609abe840748f56819168accd396d334d1869340be5f8bf5697488463ee82d2ef3fd3227ce20adab31d