Analysis
max time kernel: 115s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
submitted: 28/02/2024, 16:01
Static task: static1
Behavioral task: behavioral1
  Sample: ac481bb3eba2c664b3bea213cb064d98.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ac481bb3eba2c664b3bea213cb064d98.exe
  Resource: win10v2004-20240226-en
General
Target: ac481bb3eba2c664b3bea213cb064d98.exe
Size: 385KB
MD5: ac481bb3eba2c664b3bea213cb064d98
SHA1: b7ad4ce4ddce6b291dc466fb09534fb46f6159b3
SHA256: f12c3054541117623136c37988f287f801f30889b637802d6a7d3ce47ac1b599
SHA512: 65c3f88db9535ed3f4b73767b8d2e0fe69567480aa26e84340238c3d61d0cbee2054a792be370c25bc1e6a82d4ac5ffdbcba16be54baff0ec63c01d2eb819ec5
SSDEEP: 12288:S21gmmwb/2VOSjHVeuQ1G/Yt5MuXXk+A98kB:nKPxVOm1niqYtGuHk+wbB
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid 4352  Process ac481bb3eba2c664b3bea213cb064d98.exe
Executes dropped EXE (1 IoCs)
  pid 4352  Process ac481bb3eba2c664b3bea213cb064d98.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  flow 10  ioc pastebin.com
  flow 11  ioc pastebin.com
Suspicious behavior: RenamesItself (1 IoCs)
  pid 3812  Process ac481bb3eba2c664b3bea213cb064d98.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 3812  Process ac481bb3eba2c664b3bea213cb064d98.exe
  pid 4352  Process ac481bb3eba2c664b3bea213cb064d98.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 3812 wrote to memory of 4352  pid 3812  Process ac481bb3eba2c664b3bea213cb064d98.exe  procid_target 93
  description: PID 3812 wrote to memory of 4352  pid 3812  Process ac481bb3eba2c664b3bea213cb064d98.exe  procid_target 93
  description: PID 3812 wrote to memory of 4352  pid 3812  Process ac481bb3eba2c664b3bea213cb064d98.exe  procid_target 93
Processes
C:\Users\Admin\AppData\Local\Temp\ac481bb3eba2c664b3bea213cb064d98.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\ac481bb3eba2c664b3bea213cb064d98.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID: 3812
  C:\Users\Admin\AppData\Local\Temp\ac481bb3eba2c664b3bea213cb064d98.exe (depth 2, child of PID 3812)
    Command line: C:\Users\Admin\AppData\Local\Temp\ac481bb3eba2c664b3bea213cb064d98.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
    PID: 4352
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4044 --field-trial-handle=2432,i,12161922670941700748,3348345705955601576,262144 --variations-seed-version /prefetch:8
  PID: 432
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 385KB
MD5: 10127dc5da9a05e0b6845acedd8a9395
SHA1: b0b127c20e4e9bd774b6c795db323cbb6e366a4e
SHA256: 62d249ce66e57a16ff99d42ef0fd3a1bcee17f84b67b9fb22185d72aab5faec3
SHA512: 698a6f513f473ac162842a25cb0953428697201545ca6780a0ed03b8cd38141b083d50f10d10fdf2e3d93e53daf49ab7d70f9017a08a8356440818254071343e