aefbb23103c6764bff0c7326b7c083f11c40904031a38425d94f1c7834c749a0

Analysis

max time kernel
141s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac4376d44c698c6c53e63f5b011b2fd7.exe
Size

771KB
MD5

ac4376d44c698c6c53e63f5b011b2fd7
SHA1

22737c17f5a63ee20b7dce42ec2bddc4f5a39421
SHA256

aefbb23103c6764bff0c7326b7c083f11c40904031a38425d94f1c7834c749a0
SHA512

64180457443ab066a7a62a8e51e6c184e2dd9213a453d200d8b61b3633a88a7cf9e8fe0cd67cc21075169fff8261d7b2ba4ff64ed89fd6337213de435f59b3ff
SSDEEP

24576:gLkobHg6xW4bSZ/MXb10hJaothZ2/T6FBBB:QU8V8ML/ofT

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3960	ac4376d44c698c6c53e63f5b011b2fd7.exe

Executes dropped EXE 1 IoCs

pid	Process
3960	ac4376d44c698c6c53e63f5b011b2fd7.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
32	pastebin.com
33	pastebin.com

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2440	ac4376d44c698c6c53e63f5b011b2fd7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2440	ac4376d44c698c6c53e63f5b011b2fd7.exe
3960	ac4376d44c698c6c53e63f5b011b2fd7.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 3960	2440	ac4376d44c698c6c53e63f5b011b2fd7.exe	97
PID 2440 wrote to memory of 3960	2440	ac4376d44c698c6c53e63f5b011b2fd7.exe	97
PID 2440 wrote to memory of 3960	2440	ac4376d44c698c6c53e63f5b011b2fd7.exe	97

C:\Users\Admin\AppData\Local\Temp\ac4376d44c698c6c53e63f5b011b2fd7.exe
"C:\Users\Admin\AppData\Local\Temp\ac4376d44c698c6c53e63f5b011b2fd7.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Users\Admin\AppData\Local\Temp\ac4376d44c698c6c53e63f5b011b2fd7.exe
  C:\Users\Admin\AppData\Local\Temp\ac4376d44c698c6c53e63f5b011b2fd7.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:4388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ac4376d44c698c6c53e63f5b011b2fd7.exe

Filesize
771KB

MD5
c94cc5ded684c7da35f246314c42292b

SHA1
19b872f9b14e9f7a06de9c971f293c90914cba4f

SHA256
ba15010a4f039136ce6c3bfc26654bb64239f7fd4454454ae17d4c626166a61e

SHA512
64333ae815f4c3cd127844624dbfe8103fb5013352d039870c7f747a52b7660c7f3232b7a870614441759ed9a2917c8659f6063292f70a7ea48206f9ed3489ae

Download Submit
memory/2440-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2440-1-0x0000000001470000-0x00000000014D6000-memory.dmp

Filesize
408KB

Download
memory/2440-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2440-11-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3960-13-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3960-14-0x0000000001470000-0x00000000014D6000-memory.dmp

Filesize
408KB

Download
memory/3960-20-0x0000000004E90000-0x0000000004EEF000-memory.dmp

Filesize
380KB

Download
memory/3960-21-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3960-30-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3960-35-0x000000000B600000-0x000000000B63C000-memory.dmp

Filesize
240KB

Download
memory/3960-36-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download