8808714b4904acac8a248d84ea13c3d30d2d0ac832b887b8e2e40699bd1b0896

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 18:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ac9ca2630e786588fc1cfc8e3e36e0bf.exe
Size

82KB
MD5

ac9ca2630e786588fc1cfc8e3e36e0bf
SHA1

62bf343cf6b3427ff0acac8da9eab12f99c14557
SHA256

8808714b4904acac8a248d84ea13c3d30d2d0ac832b887b8e2e40699bd1b0896
SHA512

79adda9b2e9306175898dae53e512e88a571259c2d253da53aabf06845d6c4235ae90ecb78fc4b5ad6ec1dc921bc7f28163c6940302c3bdaa359f323f96c8b92
SSDEEP

1536:Jeh1NHlwRgq+jRnmAcQLEFY+0ZylgsUFCaCoJgVY6LExNDzaNH8n1wlML:O1NLDtmAn/nLHmVY6LExNDIk1J

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3044	ac9ca2630e786588fc1cfc8e3e36e0bf.exe

Executes dropped EXE 1 IoCs

pid	Process
3044	ac9ca2630e786588fc1cfc8e3e36e0bf.exe

Loads dropped DLL 1 IoCs

pid	Process
856	ac9ca2630e786588fc1cfc8e3e36e0bf.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
856	ac9ca2630e786588fc1cfc8e3e36e0bf.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
856	ac9ca2630e786588fc1cfc8e3e36e0bf.exe
3044	ac9ca2630e786588fc1cfc8e3e36e0bf.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 3044	856	ac9ca2630e786588fc1cfc8e3e36e0bf.exe	29
PID 856 wrote to memory of 3044	856	ac9ca2630e786588fc1cfc8e3e36e0bf.exe	29
PID 856 wrote to memory of 3044	856	ac9ca2630e786588fc1cfc8e3e36e0bf.exe	29
PID 856 wrote to memory of 3044	856	ac9ca2630e786588fc1cfc8e3e36e0bf.exe	29

C:\Users\Admin\AppData\Local\Temp\ac9ca2630e786588fc1cfc8e3e36e0bf.exe
"C:\Users\Admin\AppData\Local\Temp\ac9ca2630e786588fc1cfc8e3e36e0bf.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:856
- C:\Users\Admin\AppData\Local\Temp\ac9ca2630e786588fc1cfc8e3e36e0bf.exe
  C:\Users\Admin\AppData\Local\Temp\ac9ca2630e786588fc1cfc8e3e36e0bf.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ac9ca2630e786588fc1cfc8e3e36e0bf.exe

Filesize
64KB

MD5
60a268105b0f2b034cf9e83b7cbefcac

SHA1
9c63e00593e91989c2a523c9980c3fecb4c9495e

SHA256
db23d88a30996088a1bc00de6fc4f4ce35cefa855a48398302ab06a2146c15a3

SHA512
22a7b12146ae4fde0051f3473533293a1649cee0895dccba759e5e40c947f6c320e12296098fea73d8226b15d36bc57b72a5a0dc50d930b1a836382b76b8a036

Download Submit
\Users\Admin\AppData\Local\Temp\ac9ca2630e786588fc1cfc8e3e36e0bf.exe

Filesize
82KB

MD5
904e30db7d28710e7d823a3011883d2d

SHA1
45b7c6137d7410d0073703f7b5613e4c33f68f06

SHA256
43208cf0f402d917e1ddab1ad843644ad1f362c9f2b897bf9c0acb1e8bab2a96

SHA512
4f42c8d91c47e571f7575f858f55e69fee5fd1987e0756fd5e5c3edac0ae6f63b7dc9b95b698c63b3d8bb44c137d8db9815a72da3b9d8a82df5b46b89a3788c5

Download Submit
memory/856-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/856-2-0x0000000000140000-0x000000000016F000-memory.dmp

Filesize
188KB

Download
memory/856-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/856-15-0x0000000000190000-0x00000000001BF000-memory.dmp

Filesize
188KB

Download
memory/856-14-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3044-17-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3044-20-0x00000000002C0000-0x00000000002EF000-memory.dmp

Filesize
188KB

Download
memory/3044-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3044-26-0x0000000000320000-0x000000000033B000-memory.dmp

Filesize
108KB

Download