Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 25-02-2024 16:14
Behavioral task: behavioral1
Sample: a438c5ce8f98d7fedbfde163966a3e8d.exe
Resource: win7-20240220-en
General
Target: a438c5ce8f98d7fedbfde163966a3e8d.exe
Size: 5.8MB
MD5: a438c5ce8f98d7fedbfde163966a3e8d
SHA1: 81dfd9be7c96a747137eb2ba99b54fc2b83682b1
SHA256: 78142da8ae2bf87830295cf35b8cecdbf51e66f916d19efc8c3f6dbe251c94b9
SHA512: aea2332203096e055ebe9c3c5a114e10c3d507af673c4def64ef7568561243dba61f215aaccb671c92c396d1792ff4f4fb1d6fe7807295a4e13fdbc32484462c
SSDEEP: 98304:UHnNFADCeiGQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5a9UEI+eG:AAue8GhRaaCkN9qHGhRa
Malware Config
Signatures
Deletes itself (1 IoC)
Processes:
  pid   process
  2980  a438c5ce8f98d7fedbfde163966a3e8d.exe

Executes dropped EXE (1 IoC)
Processes:
  pid   process
  2980  a438c5ce8f98d7fedbfde163966a3e8d.exe

Loads dropped DLL (1 IoC)
Processes:
  pid   process
  2156  a438c5ce8f98d7fedbfde163966a3e8d.exe

Processes:
  resource                                                                        yara_rule
  behavioral1/memory/2156-0-0x0000000000400000-0x00000000008EF000-memory.dmp      upx
  \Users\Admin\AppData\Local\Temp\a438c5ce8f98d7fedbfde163966a3e8d.exe            upx

Suspicious behavior: RenamesItself (1 IoC)
Processes:
  pid   process
  2156  a438c5ce8f98d7fedbfde163966a3e8d.exe

Suspicious use of UnmapMainImage (2 IoCs)
Processes:
  pid   process
  2156  a438c5ce8f98d7fedbfde163966a3e8d.exe
  2980  a438c5ce8f98d7fedbfde163966a3e8d.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
  description                         pid   process                                target process
  PID 2156 wrote to memory of 2980    2156  a438c5ce8f98d7fedbfde163966a3e8d.exe   a438c5ce8f98d7fedbfde163966a3e8d.exe
  PID 2156 wrote to memory of 2980    2156  a438c5ce8f98d7fedbfde163966a3e8d.exe   a438c5ce8f98d7fedbfde163966a3e8d.exe
  PID 2156 wrote to memory of 2980    2156  a438c5ce8f98d7fedbfde163966a3e8d.exe   a438c5ce8f98d7fedbfde163966a3e8d.exe
  PID 2156 wrote to memory of 2980    2156  a438c5ce8f98d7fedbfde163966a3e8d.exe   a438c5ce8f98d7fedbfde163966a3e8d.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\a438c5ce8f98d7fedbfde163966a3e8d.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\a438c5ce8f98d7fedbfde163966a3e8d.exe"
   PID: 2156
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\a438c5ce8f98d7fedbfde163966a3e8d.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\a438c5ce8f98d7fedbfde163966a3e8d.exe
      PID: 2980
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 5.8MB
MD5: beea700735004e6320bae380e5da00dd
SHA1: 8f697de8d069b8e9d9594254061dc360046bf380
SHA256: 2bb2a4e2ac7a572c5926544679b99a4bdedb1316ef87913dc55ba897dcb9e9ae
SHA512: 19b01420ed1a0c9c90983d4f6d5b6401d7c64ac351c91bc916f3a31debc84df39bc993ac958b409ea26a23bc02b35f0f840eaa7b54a7bdc77262ef9963f1a808