Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 05/03/2024, 18:59 UTC
Static task: static1
Behavioral task: behavioral1
  Sample: 2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
  Resource: win10v2004-20240226-en
General
Target: 2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
Size: 197KB
MD5: 3a56b4bfdc3e26faf2f9a25a9d0b99bb
SHA1: 6d3eb841a2ef53ac973af87285016e03035da334
SHA256: 2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e
SHA512: b312241b47fe80bf50c0d693e3904420ff91f387c7bbf7599b4e74a76336125df1e7848b8b0d2f2f238d35ccae8407f27368079db5b4033ad6dd70f6847bc264
SSDEEP: 3072:zy7MbiS1bE8Pt/fXDYxCBwmdWfIv0koEpZAWCuSE3mX76mFSYkP9+A4j:uIbiS1VuC5MJEpj0RX76m1kV+A
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid: 2980  process: 2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
Executes dropped EXE (1 IoCs)
  pid: 2980  process: 2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
Loads dropped DLL (1 IoCs)
  pid: 2728  process: 2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
Suspicious behavior: RenamesItself (1 IoCs)
  pid: 2728  process: 2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
Suspicious use of UnmapMainImage (1 IoCs)
  pid: 2980  process: 2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   process                                                                  procid_target
  PID 2728 wrote to memory of 2980   2728  2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe   29
  PID 2728 wrote to memory of 2980   2728  2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe   29
  PID 2728 wrote to memory of 2980   2728  2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe   29
  PID 2728 wrote to memory of 2980   2728  2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe   29
Processes
Level 1: C:\Users\Admin\AppData\Local\Temp\2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe"
  PID: 2728
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  Level 2 (child of PID 2728): C:\Users\Admin\AppData\Local\Temp\2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
    command line: C:\Users\Admin\AppData\Local\Temp\2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
    PID: 2980
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
\Users\Admin\AppData\Local\Temp\2d2d4654fe9a32edb562d2cd3326aa28dd8eb229463ba94473aeff0505cd990e.exe
  Filesize: 197KB
  MD5: fef508aebd4aae080bb245be65697205
  SHA1: 9d6dbef980e8f3844a1ff72265b7d151668f3899
  SHA256: 6c757185554c9205cc0c36d7548d187c8c68984db68b0725c1ee120ad021393a
  SHA512: 4da7e5e9151ec518bbcc9c736c279426c6dda3266c84f71fda4d692247469e61763b8cb6dc49d4fbde54c4ba49d32fc06632ba2c94d4b77b321947d277c18b05