Analysis
- max time kernel: 117s
- max time network: 117s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 14/02/2024, 06:02
Behavioral task: behavioral1
- Sample: 9af209808b954bc2f6b28eaaa321617f.exe
- Resource: win7-20231129-en

Behavioral task: behavioral2
- Sample: 9af209808b954bc2f6b28eaaa321617f.exe
- Resource: win10v2004-20231215-en
General
- Target: 9af209808b954bc2f6b28eaaa321617f.exe
- Size: 59KB
- MD5: 9af209808b954bc2f6b28eaaa321617f
- SHA1: 99ac3095bf0c76fe733397d1f5c1d3dfad59f799
- SHA256: 6fe542a4ff3aabbc2d3cb536f1a0c84fe9fc8f04630c893edcf91bbc08e60e59
- SHA512: 41084b12fd036a155688517f87a44d0e0bd1dcb35f4b8d2eea3cf0b634ac58fe26efa44e1b920c211c5e25f26f5edbab97fd77dbe0c7bd07a2e933b65e4a46e3
- SSDEEP: 1536:3Ff3jL7tLR5EP2pT2rU1XhQdvvjJAkVyJrscCvOoYqD8:3JTvtLDI2R6UxhQdT2bSOoYqD8
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 1760, Process 9af209808b954bc2f6b28eaaa321617f.exe
- Executes dropped EXE (1 IoCs)
  pid 1760, Process 9af209808b954bc2f6b28eaaa321617f.exe
- Loads dropped DLL (1 IoCs)
  pid 3044, Process 9af209808b954bc2f6b28eaaa321617f.exe
- resource / yara_rule
  behavioral1/memory/3044-0-0x0000000000400000-0x000000000043D000-memory.dmp / upx
  behavioral1/files/0x000a0000000139b6-10.dat / upx
  behavioral1/memory/1760-16-0x0000000000400000-0x000000000043D000-memory.dmp / upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 3044, Process 9af209808b954bc2f6b28eaaa321617f.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 3044, Process 9af209808b954bc2f6b28eaaa321617f.exe
  pid 1760, Process 9af209808b954bc2f6b28eaaa321617f.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description / pid / Process / procid_target
  PID 3044 wrote to memory of 1760 / 3044 / 9af209808b954bc2f6b28eaaa321617f.exe / 29
  PID 3044 wrote to memory of 1760 / 3044 / 9af209808b954bc2f6b28eaaa321617f.exe / 29
  PID 3044 wrote to memory of 1760 / 3044 / 9af209808b954bc2f6b28eaaa321617f.exe / 29
  PID 3044 wrote to memory of 1760 / 3044 / 9af209808b954bc2f6b28eaaa321617f.exe / 29
Processes
- C:\Users\Admin\AppData\Local\Temp\9af209808b954bc2f6b28eaaa321617f.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\9af209808b954bc2f6b28eaaa321617f.exe"
  PID: 3044
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\9af209808b954bc2f6b28eaaa321617f.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\9af209808b954bc2f6b28eaaa321617f.exe
    PID: 1760
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 59KB
- MD5: 992fa9e30df6f13fb4a0bad54e3771a8
- SHA1: a0b914a6b70660edb713fcf69e3765b72e52264b
- SHA256: c4e4d5e6db3f43e12e2f5d42712bd26b1955d681cbb0810ed7cd46a2d6329daa
- SHA512: 0143724be2e8f7b845dfa9f35501f69d8378eab2f16603b50a30552f70fb3f4b529d39fd562ae49a9cccf00a2b6ef1e474dea58e3a501fa9b555f0719ed5cf22