Analysis
max time kernel: 121s
max time network: 128s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 06-03-2024 10:03
Behavioral task: behavioral1
Sample: b72644d7b2cdb11fa41c4b7947b7582f.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: b72644d7b2cdb11fa41c4b7947b7582f.exe
Resource: win10v2004-20240226-en
General
Target: b72644d7b2cdb11fa41c4b7947b7582f.exe
Size: 2.9MB
MD5: b72644d7b2cdb11fa41c4b7947b7582f
SHA1: 044f1776ef4f83802afdc60780880d93f4f28ee1
SHA256: a7c5656d425825b9d1e0744c94db8273c54d6515b44bfc83df5276352d9ff449
SHA512: ccac064699179aaa7828895929df582046a0449d1a1c2b61c31178ab3c8d5a6d58191bfa341771161bfeb66d4dad58908690d4eab62c297b23e3e62b2ca14f30
SSDEEP: 49152:vQ/wFmaeCj/E24Zcyks4emAZXImb7EZw9Baj8BBT4SfcsUjoh48TyMPkXdwkyZ:vriCj/ckj3U6SHau42c1joCjMPkNwk6
Malware Config
Signatures
Deletes itself (1 IoC)
  pid 1888  b72644d7b2cdb11fa41c4b7947b7582f.exe
Executes dropped EXE (1 IoC)
  pid 1888  b72644d7b2cdb11fa41c4b7947b7582f.exe
Loads dropped DLL (1 IoC)
  pid 2136  b72644d7b2cdb11fa41c4b7947b7582f.exe
YARA rule matches (yara_rule: upx)
  behavioral1/memory/2136-0-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral1/files/0x000d000000012267-10.dat  upx
  behavioral1/files/0x000d000000012267-13.dat  upx
  behavioral1/memory/1888-17-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral1/files/0x000d000000012267-12.dat  upx
Suspicious behavior: RenamesItself (1 IoC)
  pid 2136  b72644d7b2cdb11fa41c4b7947b7582f.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid 2136  b72644d7b2cdb11fa41c4b7947b7582f.exe
  pid 1888  b72644d7b2cdb11fa41c4b7947b7582f.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2136 wrote to memory of 1888  pid 2136  b72644d7b2cdb11fa41c4b7947b7582f.exe  procid_target 28
  description: PID 2136 wrote to memory of 1888  pid 2136  b72644d7b2cdb11fa41c4b7947b7582f.exe  procid_target 28
  description: PID 2136 wrote to memory of 1888  pid 2136  b72644d7b2cdb11fa41c4b7947b7582f.exe  procid_target 28
  description: PID 2136 wrote to memory of 1888  pid 2136  b72644d7b2cdb11fa41c4b7947b7582f.exe  procid_target 28
Processes
"C:\Users\Admin\AppData\Local\Temp\b72644d7b2cdb11fa41c4b7947b7582f.exe"  (PID: 2136)
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\b72644d7b2cdb11fa41c4b7947b7582f.exe  (PID: 1888, child of 2136)
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads