Analysis
max time kernel
117s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted
06-03-2024 13:41
Behavioral task
behavioral1
Sample
b789ec35515287aac8ee1ac6c17fb6eb.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b789ec35515287aac8ee1ac6c17fb6eb.exe
Resource
win10v2004-20240226-en
General
Target
b789ec35515287aac8ee1ac6c17fb6eb.exe
Size
1.3MB
MD5
b789ec35515287aac8ee1ac6c17fb6eb
SHA1
299f62d04e01b12901eee66bfa46b0f8294a7595
SHA256
20ccce0ba6a24255c6783a54e9f7ccbbbc89f2fbd11111ef19f31a52dcc54eeb
SHA512
7b23ffe58de7ecaa69f90a22ec3a0a2a48da68e9cbf3fbf866ed8b0dde0473b5bfc8255391047f8c1e5c8ab8b7435ed4e134456b5863e460a38bccbb29d8cc27
SSDEEP
24576:4i2q4fMGfxK/XFyxZpoYfS9VkkvoZs8nCcewS+rSLJ3xd7tVWWO:qfMGo/XFW+YgJqeTL1xd7tkf
Malware Config
Signatures

Deletes itself (1 IoC)
pid   Process
2856  b789ec35515287aac8ee1ac6c17fb6eb.exe

Executes dropped EXE (1 IoC)
pid   Process
2856  b789ec35515287aac8ee1ac6c17fb6eb.exe

Loads dropped DLL (1 IoC)
pid   Process
2212  b789ec35515287aac8ee1ac6c17fb6eb.exe

resource                                                                       yara_rule
behavioral1/memory/2212-0-0x0000000000400000-0x00000000008EF000-memory.dmp     upx
behavioral1/files/0x000b00000001224c-10.dat                                    upx
behavioral1/memory/2856-16-0x0000000000400000-0x00000000008EF000-memory.dmp    upx
behavioral1/files/0x000b00000001224c-14.dat                                    upx

Suspicious behavior: RenamesItself (1 IoC)
pid   Process
2212  b789ec35515287aac8ee1ac6c17fb6eb.exe

Suspicious use of UnmapMainImage (2 IoCs)
pid   Process
2212  b789ec35515287aac8ee1ac6c17fb6eb.exe
2856  b789ec35515287aac8ee1ac6c17fb6eb.exe

Suspicious use of WriteProcessMemory (4 IoCs)
description                          pid   Process                                procid_target
PID 2212 wrote to memory of 2856     2212  b789ec35515287aac8ee1ac6c17fb6eb.exe   28
PID 2212 wrote to memory of 2856     2212  b789ec35515287aac8ee1ac6c17fb6eb.exe   28
PID 2212 wrote to memory of 2856     2212  b789ec35515287aac8ee1ac6c17fb6eb.exe   28
PID 2212 wrote to memory of 2856     2212  b789ec35515287aac8ee1ac6c17fb6eb.exe   28
Processes

C:\Users\Admin\AppData\Local\Temp\b789ec35515287aac8ee1ac6c17fb6eb.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\b789ec35515287aac8ee1ac6c17fb6eb.exe"
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID: 2212

  C:\Users\Admin\AppData\Local\Temp\b789ec35515287aac8ee1ac6c17fb6eb.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\b789ec35515287aac8ee1ac6c17fb6eb.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
    PID: 2856
Network
MITRE ATT&CK Matrix
Downloads

Filesize
914KB
MD5
9912952d31c12582c4f4172aa0fe3931
SHA1
e391418f9577a8a28365520433fa10eaed493624
SHA256
1c11a31b897d7268ccc385df84e22234132478e095771630b8488d463d6bda15
SHA512
6c48dd91a3ccb3a6612115a4ee4a846d54feb3b0494e5ba6ebe3450b509dd4e51280826b573074dcce824fc5f004b8e5ab5336d662313b5dbe917880f865007d

Filesize
1.1MB
MD5
dc0df8eb9648900f4aa24cdf792a0ae2
SHA1
7cdbd522c14fb50fe1e0638472cd2b883edff1e0
SHA256
7282ba5490e4d589b226b0c282f133c055bde43ce7afa5d274ad5f27fda68071
SHA512
8eb3e0a383bd3edbab469e3d1eb9938d33d303c311f7e1c31a9411660dad541f10bcf2fcad9cf6895186d1066296b847c9a400ccd78a43654e2d2a44fd6ef72a