2a737e9e55ba685ce43ccf628a185b0f5873e0ee3cc32251363e2e2038254ac3

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 15:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac31172760ddd2e67fbea1ab5a9623ac.exe
Size

82KB
MD5

ac31172760ddd2e67fbea1ab5a9623ac
SHA1

6481ba2e6cb6aa7967adbd3ce4378531e231682c
SHA256

2a737e9e55ba685ce43ccf628a185b0f5873e0ee3cc32251363e2e2038254ac3
SHA512

f83490ddd2b7c71f965a65bb64d359a8d0c5ea9fbade4d71cc853d2a87802f8f7581ac02442027a39c4e502f108c19035453a69a9abd97a8586fb38af394bed5
SSDEEP

1536:pM+oXDGhKP0Yv1lCJmgF90ZO0q1AyfMjuv/40Ab0KboBwx9y47d:yXDMoXW0ZHvu3T4dcBwx9yad

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2488	ac31172760ddd2e67fbea1ab5a9623ac.exe

Executes dropped EXE 1 IoCs

pid	Process
2488	ac31172760ddd2e67fbea1ab5a9623ac.exe

Loads dropped DLL 1 IoCs

pid	Process
1844	ac31172760ddd2e67fbea1ab5a9623ac.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1844	ac31172760ddd2e67fbea1ab5a9623ac.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1844	ac31172760ddd2e67fbea1ab5a9623ac.exe
2488	ac31172760ddd2e67fbea1ab5a9623ac.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1844 wrote to memory of 2488	1844	ac31172760ddd2e67fbea1ab5a9623ac.exe	29
PID 1844 wrote to memory of 2488	1844	ac31172760ddd2e67fbea1ab5a9623ac.exe	29
PID 1844 wrote to memory of 2488	1844	ac31172760ddd2e67fbea1ab5a9623ac.exe	29
PID 1844 wrote to memory of 2488	1844	ac31172760ddd2e67fbea1ab5a9623ac.exe	29

C:\Users\Admin\AppData\Local\Temp\ac31172760ddd2e67fbea1ab5a9623ac.exe
"C:\Users\Admin\AppData\Local\Temp\ac31172760ddd2e67fbea1ab5a9623ac.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1844
- C:\Users\Admin\AppData\Local\Temp\ac31172760ddd2e67fbea1ab5a9623ac.exe
  C:\Users\Admin\AppData\Local\Temp\ac31172760ddd2e67fbea1ab5a9623ac.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ac31172760ddd2e67fbea1ab5a9623ac.exe

Filesize
82KB

MD5
2835d962d569a225c06e89987e7e7ddb

SHA1
7c2bdb7d7abe38795aee128ee56c02fe100dce44

SHA256
a631e53e44cdc99ee908d5d2376c0e13550600850398526c86e2cc57d3ef4b08

SHA512
ff79689899ed153d03095a1d4590d79aed3f75b48c19b91b823b82c71bf49ed9b336f9eee653f3d9201d28d19503e389b5d3e988bfab90344ee1ceb190fad94b

Download Submit
\Users\Admin\AppData\Local\Temp\ac31172760ddd2e67fbea1ab5a9623ac.exe

Filesize
64KB

MD5
80eb64d375b4c737f4a12a816ced9345

SHA1
e6ef62e0d879c20431af39d461b6d7ecdb913188

SHA256
dc43313edb162f48cbb17b36623dafe76266379c3c5429b9b8c4153ec0e8d8a0

SHA512
edfb3c647ddd80689916cfe11c25c4d6f3ed110ac3fdaa152c334b92185baf05a390b95c237452d1d95ad79d86a4eb96390ca7d0f9e1b4137490902adc202f23

Download Submit
memory/1844-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1844-1-0x00000000000D0000-0x00000000000FF000-memory.dmp

Filesize
188KB

Download
memory/1844-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1844-15-0x00000000001A0000-0x00000000001CF000-memory.dmp

Filesize
188KB

Download
memory/1844-14-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2488-18-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/2488-20-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2488-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2488-28-0x0000000000230000-0x000000000024B000-memory.dmp

Filesize
108KB

Download