Analysis
- max time kernel: 121s
- max time network: 124s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-02-2024 21:13
Behavioral task: behavioral1
- Sample: a75df0c910c76d2dcb6f5f242091ffe2.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: a75df0c910c76d2dcb6f5f242091ffe2.exe
- Resource: win10v2004-20240226-en
General
- Target: a75df0c910c76d2dcb6f5f242091ffe2.exe
- Size: 2.9MB
- MD5: a75df0c910c76d2dcb6f5f242091ffe2
- SHA1: 698d2defe3340a436aefd4521a83a82a75c68d40
- SHA256: be31c293190995d5c8d36a03ecb9bc93e8703e3b5d0a69dd806ea47ba661b308
- SHA512: 8404b41535c10a772745e34b892c195fa7fd4895558f6eea74574961a5e51fb78a71886511131ceca59bbecb3db66430ff252780ea4b890fafa5ce17067eff47
- SSDEEP: 49152:fRHeTQKP6bSKBNbk1jErYc2WzryMhpxQqbrsI8ONP4M338dB2IBlGuuDVUsdxxjl:ftmP65BNCjEkc/z2tVPONgg3gnl/IVU8
Malware Config
Signatures
- Deletes itself (1 IoCs)
  Processes:
    pid   process
    3632  a75df0c910c76d2dcb6f5f242091ffe2.exe
- Executes dropped EXE (1 IoCs)
  Processes:
    pid   process
    3632  a75df0c910c76d2dcb6f5f242091ffe2.exe
- Processes:
    resource                                                                     yara_rule
    behavioral2/memory/1068-0-0x0000000000400000-0x00000000008EF000-memory.dmp    upx
    C:\Users\Admin\AppData\Local\Temp\a75df0c910c76d2dcb6f5f242091ffe2.exe       upx
- Suspicious behavior: RenamesItself (1 IoCs)
  Processes:
    pid   process
    1068  a75df0c910c76d2dcb6f5f242091ffe2.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  Processes:
    pid   process
    1068  a75df0c910c76d2dcb6f5f242091ffe2.exe
    3632  a75df0c910c76d2dcb6f5f242091ffe2.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                       pid   process                               target process
    PID 1068 wrote to memory of 3632  1068  a75df0c910c76d2dcb6f5f242091ffe2.exe  a75df0c910c76d2dcb6f5f242091ffe2.exe
    PID 1068 wrote to memory of 3632  1068  a75df0c910c76d2dcb6f5f242091ffe2.exe  a75df0c910c76d2dcb6f5f242091ffe2.exe
    PID 1068 wrote to memory of 3632  1068  a75df0c910c76d2dcb6f5f242091ffe2.exe  a75df0c910c76d2dcb6f5f242091ffe2.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\a75df0c910c76d2dcb6f5f242091ffe2.exe (level 1, PID 1068)
  Command line: "C:\Users\Admin\AppData\Local\Temp\a75df0c910c76d2dcb6f5f242091ffe2.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\a75df0c910c76d2dcb6f5f242091ffe2.exe (level 2, PID 3632)
    Command line: C:\Users\Admin\AppData\Local\Temp\a75df0c910c76d2dcb6f5f242091ffe2.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Downloads
- Filesize: 2.9MB
  MD5: 48f1167f6810b3a2463dcd14dce2f7e8
  SHA1: d8381db5482f046339878abc3ce9376718ea1757
  SHA256: 913ea4586fdad96c1af13933d844bb30effa6bc962be6f314fa35822ec9ee0cf
  SHA512: de901886cc4b5ad233d1b8ede7bf7a23fbe924ddf55ab6694dbfc965f2dd89283afffbc884776c5bd141e64c7ae3fbc039fd6f8a51231ec3581ac5c254975861