Analysis

max time kernel: 147s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/02/2024, 17:28
Behavioral task: behavioral1
Sample: a9bddf102fefd9f881b7f443329b5b19.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: a9bddf102fefd9f881b7f443329b5b19.exe
Resource: win10v2004-20240226-en
General

Target: a9bddf102fefd9f881b7f443329b5b19.exe
Size: 2.9MB
MD5: a9bddf102fefd9f881b7f443329b5b19
SHA1: 3c96b9d854a3cb2280f342e24ddc4fbf5d96c466
SHA256: e157b420557c7faea80fcccc670330e5bd7ad22a482670421284f4e11975aab8
SHA512: 709f010f6240b47ed79edcf594a56a2b8c2c220288089fc589e586a6ca73e18acf6b3a3afb0e3b16b9f705b5855b15af343d39d3eee3de89ceac1168f66d29e7
SSDEEP: 49152:JF5WC7UQvSH9o/cnP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:t7pSdAcngg3gnl/IVUs1jePs
Malware Config
Signatures
-
Deletes itself (1 IoCs)
pid    Process
2524   a9bddf102fefd9f881b7f443329b5b19.exe

Executes dropped EXE (1 IoCs)
pid    Process
2524   a9bddf102fefd9f881b7f443329b5b19.exe

YARA rule: upx
resource                                                                          yara_rule
behavioral2/memory/3552-0-0x0000000000400000-0x00000000008EF000-memory.dmp        upx
behavioral2/files/0x000200000001f656-11.dat                                       upx
behavioral2/memory/2524-13-0x0000000000400000-0x00000000008EF000-memory.dmp       upx

Suspicious behavior: RenamesItself (1 IoCs)
pid    Process
3552   a9bddf102fefd9f881b7f443329b5b19.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid    Process
3552   a9bddf102fefd9f881b7f443329b5b19.exe
2524   a9bddf102fefd9f881b7f443329b5b19.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                          pid    Process                                 procid_target
PID 3552 wrote to memory of 2524     3552   a9bddf102fefd9f881b7f443329b5b19.exe    87
PID 3552 wrote to memory of 2524     3552   a9bddf102fefd9f881b7f443329b5b19.exe    87
PID 3552 wrote to memory of 2524     3552   a9bddf102fefd9f881b7f443329b5b19.exe    87
Processes

1. C:\Users\Admin\AppData\Local\Temp\a9bddf102fefd9f881b7f443329b5b19.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\a9bddf102fefd9f881b7f443329b5b19.exe"
   PID: 3552
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\a9bddf102fefd9f881b7f443329b5b19.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\a9bddf102fefd9f881b7f443329b5b19.exe
      PID: 2524
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
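The signature tables above are flat per-signature lists; what an analyst wants is the same data joined per PID, so that the chain is visible in one place: the parent (3552) renames itself and writes into a child (2524) that runs from the same image path, both unmap their main image, and the child, which the sandbox classifies as a dropped EXE, deletes the original. The Python below is an added example written for this report, not sandbox code. Its input rows are transcribed from the Signatures and Downloads sections (constructed inline so it runs offline); the function names and the label "self-relaunch" are the editor's own assumptions, not terms the sandbox uses.

```python
"""Join sandbox IoC rows per PID and flag the self-relaunch chain.

Added example for this report (not sandbox code). Input rows are transcribed
from the Signatures and Downloads sections; the "self-relaunch" label and all
function names are the editor's assumptions.
"""
import re
from collections import defaultdict

IMAGE = "a9bddf102fefd9f881b7f443329b5b19.exe"

# Rows transcribed from the Signatures section (constructed input).
SIGNATURE_ROWS = [
    ("Deletes itself", 2524, IMAGE),
    ("Executes dropped EXE", 2524, IMAGE),
    ("Suspicious behavior: RenamesItself", 3552, IMAGE),
    ("Suspicious use of UnmapMainImage", 3552, IMAGE),
    ("Suspicious use of UnmapMainImage", 2524, IMAGE),
]

# WriteProcessMemory rows as printed by the sandbox, one per call (constructed input).
WRITE_ROWS = """\
PID 3552 wrote to memory of 2524 3552 a9bddf102fefd9f881b7f443329b5b19.exe 87
PID 3552 wrote to memory of 2524 3552 a9bddf102fefd9f881b7f443329b5b19.exe 87
PID 3552 wrote to memory of 2524 3552 a9bddf102fefd9f881b7f443329b5b19.exe 87
"""

# Sample vs. dropped file, from the General and Downloads sections (constructed input).
SAMPLE = {"size": "2.9MB", "md5": "a9bddf102fefd9f881b7f443329b5b19"}
DROPPED = {"size": "2.9MB", "md5": "ec128e86c7891369944734cbe523a7c1"}

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_write_rows(text):
    """Parse 'PID A wrote to memory of B A image target' rows into
    (writer_pid, target_pid, image, procid_target) tuples, one per call."""
    rows = []
    for line in text.splitlines():
        m = WRITE_RE.match(line.strip())
        if m:
            rows.append((int(m.group(1)), int(m.group(2)), m.group(4), int(m.group(5))))
    return rows


def build_profile(sig_rows, write_rows):
    """Map pid -> {image, sigs, wrote_to, written_by} by joining both tables."""
    prof = defaultdict(lambda: {"image": None, "sigs": set(),
                                "wrote_to": set(), "written_by": set()})
    for name, pid, image in sig_rows:
        prof[pid]["image"] = image
        prof[pid]["sigs"].add(name)
    for writer, target, image, _ in write_rows:
        prof[writer]["image"] = prof[writer]["image"] or image
        prof[writer]["wrote_to"].add(target)
        prof[target]["written_by"].add(writer)
    return dict(prof)


def find_self_relaunch(prof):
    """Return (parent, child) pairs where the parent wrote into a child that
    runs the same image, both unmapped their main image, and the child is
    a dropped EXE. This combination is the editor's heuristic, not a sandbox rule."""
    unmap, dropped = "Suspicious use of UnmapMainImage", "Executes dropped EXE"
    hits = []
    for parent, p in prof.items():
        for child in sorted(p["wrote_to"]):
            c = prof.get(child)
            if c is None or c["image"] != p["image"]:
                continue
            if unmap in p["sigs"] and unmap in c["sigs"] and dropped in c["sigs"]:
                hits.append((parent, child))
    return hits


def write_call_count(write_rows, writer, target):
    """Number of logged WriteProcessMemory calls from writer into target."""
    return sum(1 for w, t, _, _ in write_rows if w == writer and t == target)


def dropped_is_modified_copy(sample, dropped):
    """True when the dropped file has the sample's size but a different MD5,
    i.e. it is a rewritten copy rather than a byte-identical one."""
    return sample["size"] == dropped["size"] and sample["md5"] != dropped["md5"]


if __name__ == "__main__":
    rows = parse_write_rows(WRITE_ROWS)
    profile = build_profile(SIGNATURE_ROWS, rows)
    for parent, child in find_self_relaunch(profile):
        print(f"self-relaunch candidate: {parent} -> {child} "
              f"({write_call_count(rows, parent, child)} WriteProcessMemory calls)")
    print("dropped copy differs from sample:", dropped_is_modified_copy(SAMPLE, DROPPED))
```

The three identical WriteProcessMemory rows are kept as three calls rather than deduplicated, because the call count is itself a signal (a single write into a freshly created process looks different from a sequence of writes). The size-equal, hash-different check on the dropped file is what tells you the second process is not simply a re-execution of the original bytes.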
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 2.9MB
MD5: ec128e86c7891369944734cbe523a7c1
SHA1: 7a92eafc816e9c626be55f589bb54000a58b4fac
SHA256: 2e77b6945588f659c5f7d36d6f4feb6dff877e91414556429cce979fd5df7ff6
SHA512: 23bf1a81e6c792d26ade16de0de4332520a13ce10170a75e820cd86a2e1e87d6aea371623cb6cee8a4f900d2fd88163cd1a7ed753bcc9b65e84cca9ca47a3a97