Analysis
max time kernel: 149s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-03-2024 10:03
Behavioral task behavioral1
Sample: b72644d7b2cdb11fa41c4b7947b7582f.exe
Resource: win7-20240221-en

Behavioral task behavioral2
Sample: b72644d7b2cdb11fa41c4b7947b7582f.exe
Resource: win10v2004-20240226-en
General
Target: b72644d7b2cdb11fa41c4b7947b7582f.exe
Size: 2.9MB
MD5: b72644d7b2cdb11fa41c4b7947b7582f
SHA1: 044f1776ef4f83802afdc60780880d93f4f28ee1
SHA256: a7c5656d425825b9d1e0744c94db8273c54d6515b44bfc83df5276352d9ff449
SHA512: ccac064699179aaa7828895929df582046a0449d1a1c2b61c31178ab3c8d5a6d58191bfa341771161bfeb66d4dad58908690d4eab62c297b23e3e62b2ca14f30
SSDEEP: 49152:vQ/wFmaeCj/E24Zcyks4emAZXImb7EZw9Baj8BBT4SfcsUjoh48TyMPkXdwkyZ:vriCj/ckj3U6SHau42c1joCjMPkNwk6
Malware Config

Signatures
- Deletes itself 1 IoCs
  pid: 1228  Process: b72644d7b2cdb11fa41c4b7947b7582f.exe
- Executes dropped EXE 1 IoCs
  pid: 1228  Process: b72644d7b2cdb11fa41c4b7947b7582f.exe
- resource / yara_rule
  behavioral2/memory/224-0-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
  behavioral2/files/0x00090000000231b8-11.dat  upx
  behavioral2/memory/1228-13-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
- Suspicious behavior: RenamesItself 1 IoCs
  pid: 224  Process: b72644d7b2cdb11fa41c4b7947b7582f.exe
- Suspicious use of UnmapMainImage 2 IoCs
  pid: 224  Process: b72644d7b2cdb11fa41c4b7947b7582f.exe
  pid: 1228  Process: b72644d7b2cdb11fa41c4b7947b7582f.exe
- Suspicious use of WriteProcessMemory 3 IoCs
  description | pid | Process | procid_target
  PID 224 wrote to memory of 1228 | 224 | b72644d7b2cdb11fa41c4b7947b7582f.exe | 88
  PID 224 wrote to memory of 1228 | 224 | b72644d7b2cdb11fa41c4b7947b7582f.exe | 88
  PID 224 wrote to memory of 1228 | 224 | b72644d7b2cdb11fa41c4b7947b7582f.exe | 88
Processes
1. C:\Users\Admin\AppData\Local\Temp\b72644d7b2cdb11fa41c4b7947b7582f.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\b72644d7b2cdb11fa41c4b7947b7582f.exe"
   PID: 224
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\b72644d7b2cdb11fa41c4b7947b7582f.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\b72644d7b2cdb11fa41c4b7947b7582f.exe
      PID: 1228
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 2.9MB
MD5: c63af242bc0e885539224647809f855b
SHA1: a317253fe3d4000560b3d43ad6466f1a91fbecb1
SHA256: b4e861f6c467f41bd21b8a2be1a7275f72a6d9bf2820c417341e83a06fac7fa2
SHA512: fe54da57573cc9a905daefb26743566bdc2a05c7d25cbf134a934b9e266c7d9476e7975e390dfee831559a675383f5841baebd209690ba00df2733b279778513