Analysis
-
max time kernel
144s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system -
submitted
14-02-2024 15:23
Static task
static1
Behavioral task
behavioral1
Sample
9c053f36822e34060234cf396c339c37.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
9c053f36822e34060234cf396c339c37.exe
Resource
win10v2004-20231222-en
General
-
Target
9c053f36822e34060234cf396c339c37.exe
-
Size
84KB
-
MD5
9c053f36822e34060234cf396c339c37
-
SHA1
92284fe985581d37aab2e938fd79096e4d28e6be
-
SHA256
20a3fabf7c33987c2d03a86376c90386805a23a1629d3fb5e29926865e73b1c2
-
SHA512
4b5587c44b96ef13599b43e5f59c5160256bdea65fc49c094e9669512aea9d5b10b05a630254eeff41c2b127a82b0d8ca80c998d4bf42550b2f8d537e0ac9890
-
SSDEEP
1536:5ZL8880XR7TfShIBpQTfpRhkZCOfeyKwxrTSQzk4TV4oja32bYcI:OCdfS6ihpOI+TSm/J4ojamb7I
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 456 9c053f36822e34060234cf396c339c37.exe -
Executes dropped EXE 1 IoCs
pid Process 456 9c053f36822e34060234cf396c339c37.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 3156 9c053f36822e34060234cf396c339c37.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process
3156 9c053f36822e34060234cf396c339c37.exe
456 9c053f36822e34060234cf396c339c37.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 3156 wrote to memory of 456 3156 9c053f36822e34060234cf396c339c37.exe 85
PID 3156 wrote to memory of 456 3156 9c053f36822e34060234cf396c339c37.exe 85
PID 3156 wrote to memory of 456 3156 9c053f36822e34060234cf396c339c37.exe 85
Processes
-
C:\Users\Admin\AppData\Local\Temp\9c053f36822e34060234cf396c339c37.exe
"C:\Users\Admin\AppData\Local\Temp\9c053f36822e34060234cf396c339c37.exe" 1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3156 -
C:\Users\Admin\AppData\Local\Temp\9c053f36822e34060234cf396c339c37.exe
C:\Users\Admin\AppData\Local\Temp\9c053f36822e34060234cf396c339c37.exe 2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:456
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
84KB
MD5
f4d58690767d789b81c8517a6d876cb0
SHA1
a550156591b3959c8801ce8579db18a67bf6b10f
SHA256
b5385da4be4b4529f343c37c65f5d7ffd674395233f51c676edab5fa5596d9cc
SHA512
27a35938e776bc7e6e6c41fa0af58d4b635e606840df74ffaebfcda829017f0bc808fa9b6a74ef73264360e7e232015abd6ccfb3cf0b0631f39b65b317270279