Analysis
max time kernel: 142s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/02/2024, 00:15
Static task: static1
Behavioral task: behavioral1
  Sample: 97fc8763592eb7f6fb56f15f6bd02362.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 97fc8763592eb7f6fb56f15f6bd02362.exe
  Resource: win10v2004-20231215-en
General
Target: 97fc8763592eb7f6fb56f15f6bd02362.exe
Size: 385KB
MD5: 97fc8763592eb7f6fb56f15f6bd02362
SHA1: 247970134c27a6259be6c7603a869b91eb5f4f4c
SHA256: fb2466c612cd158cda2a3345354d746df248bfdd6db3a905527b838e39051f92
SHA512: 96a0a53ce3e175e9b32e8930dbe72defc26c3bf9112c4fc1cde7000f82e096631a88c8e721c6e3c8db0344aab3545e5030159ba4b309076c23b1ce8bda61d5eb
SSDEEP: 12288:fQXNPo6gyFc++y3KEQYa90CwtURRwMMJVmB:oXNQ1yl+y6EQ3+CTRkwB
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 1556, process 97fc8763592eb7f6fb56f15f6bd02362.exe
- Executes dropped EXE (1 IoC)
  pid 1556, process 97fc8763592eb7f6fb56f15f6bd02362.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  flow 7: pastebin.com
  flow 8: pastebin.com
- Suspicious behavior: RenamesItself (1 IoC)
  pid 5056, process 97fc8763592eb7f6fb56f15f6bd02362.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 5056, process 97fc8763592eb7f6fb56f15f6bd02362.exe
  pid 1556, process 97fc8763592eb7f6fb56f15f6bd02362.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 5056 wrote to memory of 1556; pid 5056; process 97fc8763592eb7f6fb56f15f6bd02362.exe; procid_target 84 (same entry reported 3 times)
Processes
1. C:\Users\Admin\AppData\Local\Temp\97fc8763592eb7f6fb56f15f6bd02362.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\97fc8763592eb7f6fb56f15f6bd02362.exe"
   PID: 5056
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\97fc8763592eb7f6fb56f15f6bd02362.exe (child of PID 5056)
      command line: C:\Users\Admin\AppData\Local\Temp\97fc8763592eb7f6fb56f15f6bd02362.exe
      PID: 1556
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 385KB
MD5: d535f16821be9b35ba9c6fc91ae42edf
SHA1: 54db593750ea5eb5091e1a945ee1c7569f84d2d8
SHA256: 10863ab4c27583d9b104c7aebce8b7fb5020148fee6dcefc48ab2a4cd6b2fade
SHA512: 5bd3d7ca66e6370cac04bebffa9b551d639b4f60d298625a680e3c5bc168109dd63e326f43c03d0366c4ac2df7b1369496f1d9750431f5099d78a33d33ce094f