Analysis
max time kernel: 142s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/02/2024, 02:55
Behavioral task: behavioral1
Sample: 9a92eb2dbe93f713441e20827016a801.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 9a92eb2dbe93f713441e20827016a801.exe
Resource: win10v2004-20231215-en
General
Target: 9a92eb2dbe93f713441e20827016a801.exe
Size: 2.9MB
MD5: 9a92eb2dbe93f713441e20827016a801
SHA1: c15c4ba65c2bf3d2c970f3b4e1c50c28a4afbd32
SHA256: e16a2db6c1966547926f025a4982e4077830cd81f273128f0dda151c618f064f
SHA512: 13f1aecf58451590d04ec7fb2acd302ae1c44e1321db795a5033e9b46c78bfc516dd2bd772c48de65f1734bdc1eb13b1c3b169a6ae0f9bbf9f7c1347824bc9dd
SSDEEP: 49152:b0YtGbTf8g2PyY1YvvxeqA3hDKn/P4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:I0p1Yvv0qUhe/gg3gnl/IVUs1jePs
Malware Config
Signatures

Deletes itself (1 IoCs)
pid   Process
2568  9a92eb2dbe93f713441e20827016a801.exe

Executes dropped EXE (1 IoCs)
pid   Process
2568  9a92eb2dbe93f713441e20827016a801.exe

resource                                                                      yara_rule
behavioral2/memory/1408-0-0x0000000000400000-0x00000000008EF000-memory.dmp    upx
behavioral2/files/0x0007000000023210-11.dat                                   upx
behavioral2/memory/2568-13-0x0000000000400000-0x00000000008EF000-memory.dmp   upx

Suspicious behavior: RenamesItself (1 IoCs)
pid   Process
1408  9a92eb2dbe93f713441e20827016a801.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid   Process
1408  9a92eb2dbe93f713441e20827016a801.exe
2568  9a92eb2dbe93f713441e20827016a801.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid   Process                                procid_target
PID 1408 wrote to memory of 2568   1408  9a92eb2dbe93f713441e20827016a801.exe   83
PID 1408 wrote to memory of 2568   1408  9a92eb2dbe93f713441e20827016a801.exe   83
PID 1408 wrote to memory of 2568   1408  9a92eb2dbe93f713441e20827016a801.exe   83
Processes

1. C:\Users\Admin\AppData\Local\Temp\9a92eb2dbe93f713441e20827016a801.exe
   "C:\Users\Admin\AppData\Local\Temp\9a92eb2dbe93f713441e20827016a801.exe"
   PID: 1408
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\9a92eb2dbe93f713441e20827016a801.exe
      C:\Users\Admin\AppData\Local\Temp\9a92eb2dbe93f713441e20827016a801.exe
      PID: 2568
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 2.9MB
MD5: 67308d13da9ffff921b19a086f4ef74b
SHA1: c4febc34e7f9e932baeaa12293a29e7e00e72fe2
SHA256: aa6e8a4f0a404a5b32be01d416457ce13fb0a8fd4f87cbeb752319a02b0571bc
SHA512: 7b11e86434927b03c7e00b16ec0d17936c2490fa0269e4204cb84fbe12e7616e7305b71cd91e0a942a479fc0d6402355fdb54fbca8447a0d50517deb35c1a548