37b860c793b0197e0f832ebd68a74cae8ea25c4e3b4f3b58a9c99f00e1e981e1

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
25/02/2024, 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a33cb83cfd2c0f1111eb61f3b5018cb5.exe
Size

82KB
MD5

a33cb83cfd2c0f1111eb61f3b5018cb5
SHA1

71857f0aee53eff35cf0eba2ba7bcf073805c9e0
SHA256

37b860c793b0197e0f832ebd68a74cae8ea25c4e3b4f3b58a9c99f00e1e981e1
SHA512

7c7efb9925dfaba2cc0b9e23045f997900dfd90035569feeb4bd20c021520d1b1048e6ffddcf17d4427be88c26cb93f53b5bb12e98f11879e774d8d17429ba9b
SSDEEP

1536:mbtX9Tq9xrjBv2tyRb3Izb4SbBCzhaZmTVtljmZ9Y41GRq3XgGuXKP:mN9TOxXBvKA3U4SVCzocTJjKac73Hsk

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3048	a33cb83cfd2c0f1111eb61f3b5018cb5.exe

Executes dropped EXE 1 IoCs

pid	Process
3048	a33cb83cfd2c0f1111eb61f3b5018cb5.exe

Loads dropped DLL 1 IoCs

pid	Process
2912	a33cb83cfd2c0f1111eb61f3b5018cb5.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2912	a33cb83cfd2c0f1111eb61f3b5018cb5.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2912	a33cb83cfd2c0f1111eb61f3b5018cb5.exe
3048	a33cb83cfd2c0f1111eb61f3b5018cb5.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 3048	2912	a33cb83cfd2c0f1111eb61f3b5018cb5.exe	29
PID 2912 wrote to memory of 3048	2912	a33cb83cfd2c0f1111eb61f3b5018cb5.exe	29
PID 2912 wrote to memory of 3048	2912	a33cb83cfd2c0f1111eb61f3b5018cb5.exe	29
PID 2912 wrote to memory of 3048	2912	a33cb83cfd2c0f1111eb61f3b5018cb5.exe	29

C:\Users\Admin\AppData\Local\Temp\a33cb83cfd2c0f1111eb61f3b5018cb5.exe
"C:\Users\Admin\AppData\Local\Temp\a33cb83cfd2c0f1111eb61f3b5018cb5.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Users\Admin\AppData\Local\Temp\a33cb83cfd2c0f1111eb61f3b5018cb5.exe
  C:\Users\Admin\AppData\Local\Temp\a33cb83cfd2c0f1111eb61f3b5018cb5.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a33cb83cfd2c0f1111eb61f3b5018cb5.exe

Filesize
82KB

MD5
b7f46bd1ebbf648498a86e5e1e661528

SHA1
5534d334fab26d1f2e6e7c583f9b0f15be4891a3

SHA256
daed46f29f0e2a33f99cf32f18ad786da6837777ea5ac4f3cf50cb4876aa9708

SHA512
b7e4536be72eb3f58fddaee0e5df5ca2b4e016ee091fef382308b9e7e5e3348b9cefb39541347fb17659bf7c161d79b90b1712b3a074f0ec8431490bf6823a13

Download Submit
\Users\Admin\AppData\Local\Temp\a33cb83cfd2c0f1111eb61f3b5018cb5.exe

Filesize
64KB

MD5
7e69376da331c06641edb4566b4fd3b2

SHA1
87cfd4534a3ceff37321712b68c743a2f7ed273e

SHA256
1b793173f028c4b879d9f8ed5b43110475d5b0ad7fc087d1cd87967ea392ca3e

SHA512
7b57b3a9f431e8b60a460ec7c3bc0ca6e8741c166a6fb7b81c0de24d70df8903d6d40a6d6c9f64e49ae7635ce1e9bec923a48aae22a2eee5089c108c61f38638

Download Submit
memory/2912-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2912-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2912-7-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/2912-16-0x0000000000210000-0x000000000023F000-memory.dmp

Filesize
188KB

Download
memory/2912-14-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3048-18-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3048-20-0x00000000001D0000-0x00000000001FF000-memory.dmp

Filesize
188KB

Download
memory/3048-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3048-29-0x0000000000220000-0x000000000023B000-memory.dmp

Filesize
108KB

Download