92fb9724f0ef177668b4e5a4fc241b07770aecaefcab15798a5efdf0aa528267

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 08:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96c494ce1773b242d7810477e5ca0847.exe
Size

82KB
MD5

96c494ce1773b242d7810477e5ca0847
SHA1

0230cec714674081084a1f7d83039fd3c85ab0c3
SHA256

92fb9724f0ef177668b4e5a4fc241b07770aecaefcab15798a5efdf0aa528267
SHA512

c33554fa9be8c6d9df3516a36e288df26f757cddaea6a793542442f974745f0ca961db60c4027e42e18d54c17774c2798ababade3e93e38343da0fb8ebf9beb7
SSDEEP

1536:jYXntOU3UrSHGgFY8RkSWkkkkJRDL9h5m1bNl+GJ7IKmY9Xte6cfO9CtJDnOhnbc:jYXntO5rN8RkSWkkkkJRDZh8NAoIKv9y

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2872	96c494ce1773b242d7810477e5ca0847.exe

Executes dropped EXE 1 IoCs

pid	Process
2872	96c494ce1773b242d7810477e5ca0847.exe

Loads dropped DLL 1 IoCs

pid	Process
3032	96c494ce1773b242d7810477e5ca0847.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3032	96c494ce1773b242d7810477e5ca0847.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3032	96c494ce1773b242d7810477e5ca0847.exe
2872	96c494ce1773b242d7810477e5ca0847.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2872	3032	96c494ce1773b242d7810477e5ca0847.exe	29
PID 3032 wrote to memory of 2872	3032	96c494ce1773b242d7810477e5ca0847.exe	29
PID 3032 wrote to memory of 2872	3032	96c494ce1773b242d7810477e5ca0847.exe	29
PID 3032 wrote to memory of 2872	3032	96c494ce1773b242d7810477e5ca0847.exe	29

C:\Users\Admin\AppData\Local\Temp\96c494ce1773b242d7810477e5ca0847.exe
"C:\Users\Admin\AppData\Local\Temp\96c494ce1773b242d7810477e5ca0847.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Users\Admin\AppData\Local\Temp\96c494ce1773b242d7810477e5ca0847.exe
  C:\Users\Admin\AppData\Local\Temp\96c494ce1773b242d7810477e5ca0847.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\96c494ce1773b242d7810477e5ca0847.exe

Filesize
82KB

MD5
3fd7c890422484fecf6faaa6411610ea

SHA1
bedb257922924354e04a7a7e85c3b9db11881334

SHA256
1546f533bd9d21e823e1704f03e279871737f2519540010f554e67c700a7fa02

SHA512
e39df1201b92c189f320e181213b90c2c892e40cbe52e7ffa870bfb7633b6e66f12749ad170b2dfc971713428e0c3dc6592c01b2fcf3233ea5c0b2af13e25189

Download Submit
\Users\Admin\AppData\Local\Temp\96c494ce1773b242d7810477e5ca0847.exe

Filesize
64KB

MD5
06642cd900d82793143761698b14a415

SHA1
21002bb95fd2623e2ce91507bf3c02db6924e564

SHA256
28fba59675962dfaad550d967a42e3f2c7c405c88ecb4b273e6619fb986e2f5a

SHA512
ea06967b4907789edc865444a34c788d8f631288ce191be75813e5d5bc1063d19cf7e29fd2535580677e008ef4a38c5730cec59aa6d078da463f48434e676cf2

Download Submit
memory/2872-22-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2872-27-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/2872-28-0x00000000001A0000-0x00000000001BB000-memory.dmp

Filesize
108KB

Download
memory/3032-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3032-2-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/3032-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3032-11-0x0000000000190000-0x00000000001BF000-memory.dmp

Filesize
188KB

Download
memory/3032-15-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download