7721ce02a6113db41a581f362cd768f0d0ee637cb6f7c9360efe70bb2b6d664f

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 08:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98fe17fed848954b6b5ac30f53c7c12f.exe
Size

82KB
MD5

98fe17fed848954b6b5ac30f53c7c12f
SHA1

c9408272fa9aa8621911d211c59046442b7cdd10
SHA256

7721ce02a6113db41a581f362cd768f0d0ee637cb6f7c9360efe70bb2b6d664f
SHA512

93ac017d2b6bfb2156bfb4c3e45f3ee916428a7ddfab65a47030fd6231c26488c766de74d6f5baf7103d569e4ffee49b53e979e4188ba2c0cc3dff92a9d2801a
SSDEEP

1536:vqAuU870xbEd/Zergqr8TWIyuajxtMSmshRLTCKca:v/uUe0kxe8qr4uVewhR7h

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2484	98fe17fed848954b6b5ac30f53c7c12f.exe

Executes dropped EXE 1 IoCs

pid	Process
2484	98fe17fed848954b6b5ac30f53c7c12f.exe

Loads dropped DLL 1 IoCs

pid	Process
2672	98fe17fed848954b6b5ac30f53c7c12f.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2672	98fe17fed848954b6b5ac30f53c7c12f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2672	98fe17fed848954b6b5ac30f53c7c12f.exe
2484	98fe17fed848954b6b5ac30f53c7c12f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2484	2672	98fe17fed848954b6b5ac30f53c7c12f.exe	29
PID 2672 wrote to memory of 2484	2672	98fe17fed848954b6b5ac30f53c7c12f.exe	29
PID 2672 wrote to memory of 2484	2672	98fe17fed848954b6b5ac30f53c7c12f.exe	29
PID 2672 wrote to memory of 2484	2672	98fe17fed848954b6b5ac30f53c7c12f.exe	29

C:\Users\Admin\AppData\Local\Temp\98fe17fed848954b6b5ac30f53c7c12f.exe
"C:\Users\Admin\AppData\Local\Temp\98fe17fed848954b6b5ac30f53c7c12f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Users\Admin\AppData\Local\Temp\98fe17fed848954b6b5ac30f53c7c12f.exe
  C:\Users\Admin\AppData\Local\Temp\98fe17fed848954b6b5ac30f53c7c12f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\98fe17fed848954b6b5ac30f53c7c12f.exe

Filesize
64KB

MD5
737d362b2f035ed33d1dda9279fb03b3

SHA1
b9af781e439ab72a11b7865b13c1c19ff5d6e7a0

SHA256
8a405086d99f14d66f28b720d42f9862ea827f43d44ecc7921ddb04ffe90fc12

SHA512
1482787629a23d69b0c49037183c070af114a813706b3584ef1539686e79656c172b69802a5d7c7a677b5e0f3e238e297066e9c60e4f9cd69a14c98dc254fdb4

Download Submit
\Users\Admin\AppData\Local\Temp\98fe17fed848954b6b5ac30f53c7c12f.exe

Filesize
82KB

MD5
3f0bd80cd2553eb2428342ee2c326799

SHA1
e4db4d3085a43518124af207830287b06969266d

SHA256
ea7fe7430161e0d4521ad091ba5df966f2c55a58ed1421955181ae87920907fd

SHA512
98c5bff40a5593a53e018ac38beccde69c6d709e7c64037a04dee13d5bd48cacfb632d0966118d806eb684e3046ce0cc59921841b94fde157792d8eaf3f87a28

Download Submit
memory/2484-17-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2484-19-0x00000000000D0000-0x00000000000FF000-memory.dmp

Filesize
188KB

Download
memory/2484-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2484-29-0x00000000001B0000-0x00000000001CB000-memory.dmp

Filesize
108KB

Download
memory/2672-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2672-9-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/2672-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2672-15-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2672-16-0x0000000000190000-0x00000000001BF000-memory.dmp

Filesize
188KB

Download