Analysis

max time kernel: 121s
max time network: 124s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 06-03-2024 01:10

Behavioral task: behavioral1
Sample: b622ed8a7ba0c3c7ecf68f7e32a2ba65.exe
Resource: win7-20240221-en
General

Target: b622ed8a7ba0c3c7ecf68f7e32a2ba65.exe
Size: 2.9MB
MD5: b622ed8a7ba0c3c7ecf68f7e32a2ba65
SHA1: 3c6bd2406692b6bb1ecfdf54cc06ca14d1304da6
SHA256: 39b0c5cc10ecf39813ba5100d1f2f983a45ca2e150fa13deec9a5d9ec4154b81
SHA512: 416a7ba3ec216e04bb28a9057b1f207ea7b238e6f8c64df80cd9c0b9b4511dbcafa24308f4ef30a644c117008cc80d04e8bb0230b433c5583d29564209603a3a
SSDEEP: 49152:sGyPbFHe+WC3rzco2c8KGc/stRw6g3RTP4M338dB2IBlGuuDVUsdxxjeQZwxPYRr:TyjBBhrAh1vtyFFgg3gnl/IVUs1jePs
Malware Config

Signatures

Deletes itself (1 IoC)
  pid   Process
  3024  b622ed8a7ba0c3c7ecf68f7e32a2ba65.exe

Executes dropped EXE (1 IoC)
  pid   Process
  3024  b622ed8a7ba0c3c7ecf68f7e32a2ba65.exe

Loads dropped DLL (1 IoC)
  pid   Process
  2728  b622ed8a7ba0c3c7ecf68f7e32a2ba65.exe

UPX packed file (yara rule matches)
  resource                                                                   yara_rule
  behavioral1/memory/2728-1-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral1/files/0x000900000001224e-10.dat                                upx
  behavioral1/files/0x000900000001224e-14.dat                                upx

Suspicious behavior: RenamesItself (1 IoC)
  pid   Process
  2728  b622ed8a7ba0c3c7ecf68f7e32a2ba65.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  2728  b622ed8a7ba0c3c7ecf68f7e32a2ba65.exe
  3024  b622ed8a7ba0c3c7ecf68f7e32a2ba65.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                               procid_target
  PID 2728 wrote to memory of 3024  2728  b622ed8a7ba0c3c7ecf68f7e32a2ba65.exe  28
  PID 2728 wrote to memory of 3024  2728  b622ed8a7ba0c3c7ecf68f7e32a2ba65.exe  28
  PID 2728 wrote to memory of 3024  2728  b622ed8a7ba0c3c7ecf68f7e32a2ba65.exe  28
  PID 2728 wrote to memory of 3024  2728  b622ed8a7ba0c3c7ecf68f7e32a2ba65.exe  28
Processes

C:\Users\Admin\AppData\Local\Temp\b622ed8a7ba0c3c7ecf68f7e32a2ba65.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\b622ed8a7ba0c3c7ecf68f7e32a2ba65.exe"
  PID: 2728
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory

  └─ C:\Users\Admin\AppData\Local\Temp\b622ed8a7ba0c3c7ecf68f7e32a2ba65.exe (child of PID 2728)
       Command line: C:\Users\Admin\AppData\Local\Temp\b622ed8a7ba0c3c7ecf68f7e32a2ba65.exe
       PID: 3024
       - Deletes itself
       - Executes dropped EXE
       - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 2.9MB
MD5: 71ff6e9304307332bb1e1b3a5ef011b0
SHA1: df6e6a22ddbaa708bf6835f7474c2cd78b46b71a
SHA256: 41a9eb4ac296759c6728254daed176ab908a4868b478e763ac76d8b25a79698e
SHA512: 424457b8848e2779776dd4758200af032503482c1f361751026660d3f86b95b78cea6faec440a92bb66bfe895d9fe52907c601526baee63089db0d6f5104a34c

Filesize: 704KB
MD5: 50872d6786758859fc640464f89b4f72
SHA1: dd5fcd9e49478d78a20cffde45d9d2ac0e56171b
SHA256: d3d03e70a6e62f4ae8203c6e0ab396ca642ae42b4dc0dab098cbe09f3c616713
SHA512: 1753a96d70db711b18a4963c663c735a93fce8f1f8fa5bfda6ed5419209d646882d47fae246bf30286a2f4e1316db2890987a8d475ea5599aeb8b9a0aebea0f6