Analysis
max time kernel: 89s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
submitted: 04/02/2024, 15:20
Static task: static1
Behavioral task: behavioral1
  Sample: 8f7cb4b894bf01641e7094705758572e.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 8f7cb4b894bf01641e7094705758572e.exe
  Resource: win10v2004-20231222-en
General
Target: 8f7cb4b894bf01641e7094705758572e.exe
Size: 385KB
MD5: 8f7cb4b894bf01641e7094705758572e
SHA1: 3092a091881536a4d99bd17aaaf256821af937d3
SHA256: 2add8a21046d66aca9627c3a4247d35478670ffc2659dd78eb24f9d176f49b76
SHA512: 32155d7d30b3baee6d40032c62cccc694e0f116e27647d59f23d97bc763e334410fbc9923eb9ef49ec85340e785793647051d8af3d62953ea1d9771e7d3015f0
SSDEEP: 6144:/m5V5DcpkeeZQs5iZJSTVv4qFjiAk6XajXE+FgFIf+ZIhWqL7Z6rG/fbQs6svwTB:u5VZk/wwmOj7gFImzo7QwxvwTB
Malware Config
Signatures
Deletes itself (1 IoC)
  pid   Process
  900   8f7cb4b894bf01641e7094705758572e.exe
Executes dropped EXE (1 IoC)
  pid   Process
  900   8f7cb4b894bf01641e7094705758572e.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  flow  ioc
  4     pastebin.com
  3     pastebin.com
Suspicious behavior: RenamesItself (1 IoC)
  pid   Process
  100   8f7cb4b894bf01641e7094705758572e.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  100   8f7cb4b894bf01641e7094705758572e.exe
  900   8f7cb4b894bf01641e7094705758572e.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                     pid   Process                                procid_target
  PID 100 wrote to memory of 900  100   8f7cb4b894bf01641e7094705758572e.exe   87
  PID 100 wrote to memory of 900  100   8f7cb4b894bf01641e7094705758572e.exe   87
  PID 100 wrote to memory of 900  100   8f7cb4b894bf01641e7094705758572e.exe   87
Processes
C:\Users\Admin\AppData\Local\Temp\8f7cb4b894bf01641e7094705758572e.exe (PID 100)
  Command line: "C:\Users\Admin\AppData\Local\Temp\8f7cb4b894bf01641e7094705758572e.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\8f7cb4b894bf01641e7094705758572e.exe (PID 900, child of PID 100)
    Command line: C:\Users\Admin\AppData\Local\Temp\8f7cb4b894bf01641e7094705758572e.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
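The process tree and signatures above describe one chain: an executable in %TEMP% starts a second instance of itself from the same path, the parent writes into the child's memory, the child resolves pastebin.com and then deletes its own image. Those four observations map onto Sysmon event IDs 1 (ProcessCreate), 10 (ProcessAccess), 22 (DnsQuery) and 23 (FileDelete). The script below is an added example, not part of this report and not code from the sample; the events are constructed to mirror the report's PIDs and path, and the explorer.exe parent PID 4567, the GrantedAccess value, the notepad.exe noise event and the three-tag threshold are assumptions.

```python
from collections import defaultdict

# Constructed Sysmon-style events (not sandbox output). PIDs 100/900, the
# %TEMP% path and the pastebin.com lookup mirror the report; PID 4567 for
# explorer.exe and the notepad.exe event are assumed noise.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\8f7cb4b894bf01641e7094705758572e.exe"
EXPLORER = r"C:\Windows\explorer.exe"
EVENTS = [
    {"EventID": 1, "ProcessId": 100, "Image": SAMPLE,
     "ParentProcessId": 4567, "ParentImage": EXPLORER},
    {"EventID": 1, "ProcessId": 900, "Image": SAMPLE,
     "ParentProcessId": 100, "ParentImage": SAMPLE},
    {"EventID": 10, "SourceProcessId": 100, "TargetProcessId": 900,
     "SourceImage": SAMPLE, "TargetImage": SAMPLE, "GrantedAccess": "0x1FFFFF"},
    {"EventID": 22, "ProcessId": 900, "Image": SAMPLE, "QueryName": "pastebin.com"},
    {"EventID": 23, "ProcessId": 900, "Image": SAMPLE, "TargetFilename": SAMPLE},
    # Benign noise that must not fire: explorer launching notepad.
    {"EventID": 1, "ProcessId": 1200, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentProcessId": 4567, "ParentImage": EXPLORER},
]

PASTE_SITES = {"pastebin.com"}            # the report's only network IOC
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")
PROCESS_VM_WRITE = 0x0020                 # access right WriteProcessMemory needs


def _norm(path):
    return (path or "").lower()


def _user_writable(path):
    return any(seg in _norm(path) for seg in USER_WRITABLE)


def analyse(events):
    """Return {child_pid: [tags]} for every process started by a parent with
    the same image path from a user-writable directory, enriched with the
    follow-on behaviours the report lists for that child."""
    image_of, parent_of = {}, {}
    findings = defaultdict(list)
    for ev in events:                      # pass 1: process tree and self-spawn
        if ev["EventID"] != 1:
            continue
        pid = ev["ProcessId"]
        image_of[pid], parent_of[pid] = ev["Image"], ev["ParentProcessId"]
        if _norm(ev["Image"]) == _norm(ev["ParentImage"]) and _user_writable(ev["Image"]):
            findings[pid].append("self-spawn")
    for ev in events:                      # pass 2: what the self-spawned child did
        eid = ev["EventID"]
        if eid == 10:                      # parent wrote into the child it created
            tgt = ev["TargetProcessId"]
            if (tgt in findings and parent_of.get(tgt) == ev["SourceProcessId"]
                    and int(ev["GrantedAccess"], 16) & PROCESS_VM_WRITE):
                findings[tgt].append("parent-vm-write")
        elif eid == 22:                    # DNS lookup of a paste site
            pid = ev["ProcessId"]
            if pid in findings and ev["QueryName"].lower() in PASTE_SITES:
                findings[pid].append("paste-site-dns")
        elif eid == 23:                    # child deleted its own image file
            pid = ev["ProcessId"]
            if pid in findings and _norm(ev["TargetFilename"]) == _norm(image_of.get(pid)):
                findings[pid].append("self-delete")
    return dict(findings)


def verdict(findings, threshold=3):
    """PIDs with at least `threshold` distinct tags; the chain in the report
    collects all four on PID 900."""
    return sorted(pid for pid, tags in findings.items() if len(set(tags)) >= threshold)


if __name__ == "__main__":
    result = analyse(EVENTS)
    for pid, tags in result.items():
        print(pid, tags)
    print("flagged:", verdict(result))
```

The self-spawn check is the gate: none of the later tags attach to a PID that was not created by its own image from a user-writable path, so a legitimate updater under Program Files writing into a child it launched does not accumulate tags. The access-mask test on event 10 keeps read-only handle opens (common from AV and backup agents) from counting as a memory write.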
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 385KB
MD5: d23feb94e68521e5e620459204935ee9
SHA1: c134b954a9224dc77f78d1013cd04e3bf49e4441
SHA256: 12df27790441eed9eaf2c3a9f5a4cc0665395674de0992d06af5b599ab92fc59
SHA512: f0c19a8fe2b9fc801ffb1eac3b39ad8119012e8851c9fd105be87c9aa67a92b01c01c608219c0eb08e4bc12fcb907687fc3d244dde725e28d9bad7dbd880b7de