Analysis
- max time kernel: 93s
- max time network: 117s
- platform: windows10-2004_x64
- resource: win10v2004-20240221-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/02/2024, 06:05
Behavioral task: behavioral1
- Sample: a121ff9be7bd71627861f3ca11a85e43.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: a121ff9be7bd71627861f3ca11a85e43.exe
- Resource: win10v2004-20240221-en
General
- Target: a121ff9be7bd71627861f3ca11a85e43.exe
- Size: 1.5MB
- MD5: a121ff9be7bd71627861f3ca11a85e43
- SHA1: 6a35d0ae71764af69b19cf9459e70eb2348ba02c
- SHA256: d1e127a9aa796d28f59e6ec97049f7024e0053b5fa5d8c71dc12e89161c6b161
- SHA512: 40d99a65e953cd417d66edea43ac1fb31717bfe0cc25c7cfabbd0dd2b0e7ee3902ae078841d3c8029fdf312a4c94028020fdc6897c4029f1c57411f352871e24
- SSDEEP: 24576:tBvFqdmmSX8ryT+H1BrFX0hpo2Z4zChyxUaJLymtYPWW:t5Qh8myTQUhpfZ4zCqrLGW
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 3612, process a121ff9be7bd71627861f3ca11a85e43.exe
- Executes dropped EXE (1 IoC)
  pid 3612, process a121ff9be7bd71627861f3ca11a85e43.exe
- YARA rule match: upx
  behavioral2/memory/3848-0-0x0000000000400000-0x00000000008EF000-memory.dmp
  behavioral2/files/0x000300000001fc40-12.dat
  behavioral2/memory/3612-14-0x0000000000400000-0x00000000008EF000-memory.dmp
- Suspicious behavior: RenamesItself (1 IoC)
  pid 3848, process a121ff9be7bd71627861f3ca11a85e43.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 3848, process a121ff9be7bd71627861f3ca11a85e43.exe
  pid 3612, process a121ff9be7bd71627861f3ca11a85e43.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 3848 wrote to memory of 3612 (process a121ff9be7bd71627861f3ca11a85e43.exe, procid_target 90)
  PID 3848 wrote to memory of 3612 (process a121ff9be7bd71627861f3ca11a85e43.exe, procid_target 90)
  PID 3848 wrote to memory of 3612 (process a121ff9be7bd71627861f3ca11a85e43.exe, procid_target 90)
Processes
- C:\Users\Admin\AppData\Local\Temp\a121ff9be7bd71627861f3ca11a85e43.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a121ff9be7bd71627861f3ca11a85e43.exe"
  PID: 3848
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\a121ff9be7bd71627861f3ca11a85e43.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\a121ff9be7bd71627861f3ca11a85e43.exe
    PID: 3612
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.5MB
- MD5: 0c8958b0110930e572a95e3d6e48cdd1
- SHA1: 0ef491b7c73907610fa166b4b13c0826eea8d166
- SHA256: a88fe2b42a2f11a5aaf49beea8ec0e39caa4a54df5cf9b850b9c2dd40fa5fc6c
- SHA512: 20915d899e8bfa3f19baf6d72eb8cefa94fe57e44988f00b3bbba6e5ad197552a676aff203078d8cd165ea27c922be86adbbad46eb947ecdc5c0ef51e8552f87