Analysis
max time kernel: 121s
max time network: 127s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 06-03-2024 20:58
Behavioral task: behavioral1
Sample: b82cb510100cc9e5e7b3ca0ce00e10a6.exe
Resource: win7-20240221-en

General
Target: b82cb510100cc9e5e7b3ca0ce00e10a6.exe
Size: 2.9MB
MD5: b82cb510100cc9e5e7b3ca0ce00e10a6
SHA1: 1b05aa8de29c23c0345a8cb7a9a029d27c3b3bcc
SHA256: 6c9136e86a05f217abbbd2e73b79c5e0330a8c37d09af42124738f08fb0405b9
SHA512: c3084e6edc7cd0c5e3f6ee835bc40e3ec784064704cc41fbd233e1c67d9cd0ad8f106653ae0274c91f5fd19bdcdc17c9b02b2d40bff5f4d08474e8562daf4361
SSDEEP: 49152:d73WV+G5GcJY9U/s6+CB1Ooqxovt8mEBSHLHjZ8gtXCjFlted0d/5MIg/d:MVN5GcJYK/c1oqxovVEBSrDZvNOtTdBu
Malware Config
Signatures

Deletes itself (1 IoCs)
  pid   Process
  2564  b82cb510100cc9e5e7b3ca0ce00e10a6.exe

Executes dropped EXE (1 IoCs)
  pid   Process
  2564  b82cb510100cc9e5e7b3ca0ce00e10a6.exe

Loads dropped DLL (1 IoCs)
  pid   Process
  3040  b82cb510100cc9e5e7b3ca0ce00e10a6.exe

  resource                                                                       yara_rule
  behavioral1/memory/3040-1-0x0000000000400000-0x00000000008EF000-memory.dmp     upx
  behavioral1/files/0x000b000000012226-12.dat                                    upx
  behavioral1/files/0x000b000000012226-10.dat                                    upx
  behavioral1/memory/2564-16-0x0000000000400000-0x00000000008EF000-memory.dmp    upx

Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  3040  b82cb510100cc9e5e7b3ca0ce00e10a6.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  3040  b82cb510100cc9e5e7b3ca0ce00e10a6.exe
  2564  b82cb510100cc9e5e7b3ca0ce00e10a6.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                          pid   Process                               procid_target
  PID 3040 wrote to memory of 2564     3040  b82cb510100cc9e5e7b3ca0ce00e10a6.exe  28
  PID 3040 wrote to memory of 2564     3040  b82cb510100cc9e5e7b3ca0ce00e10a6.exe  28
  PID 3040 wrote to memory of 2564     3040  b82cb510100cc9e5e7b3ca0ce00e10a6.exe  28
  PID 3040 wrote to memory of 2564     3040  b82cb510100cc9e5e7b3ca0ce00e10a6.exe  28
Processes

1. C:\Users\Admin\AppData\Local\Temp\b82cb510100cc9e5e7b3ca0ce00e10a6.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\b82cb510100cc9e5e7b3ca0ce00e10a6.exe"
   PID: 3040
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\b82cb510100cc9e5e7b3ca0ce00e10a6.exe (child of PID 3040)
      Command line: C:\Users\Admin\AppData\Local\Temp\b82cb510100cc9e5e7b3ca0ce00e10a6.exe
      PID: 2564
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 2.9MB
MD5: 60f0ac863de74e0fb9a23af6c9e8dd7f
SHA1: 0bcd47eabaaf8125296cbd40721c6339d7b880b4
SHA256: 98e4f71648f0a4033c8516bc70d012bef9646f519d938fd25998d5600d338672
SHA512: 36e4be03845f2b4ae8145d957fc4f984b4f5923ca22449e9245f2405784cb53c91879d3fe3a7532a8067211309eec1fc37f347e5f21da5f70ebded74a562804c

Filesize: 1.5MB
MD5: d2daef3949e1276fb550ecce81595308
SHA1: 9fe253ba2eac9afd55849838f68ca8038f13fbfb
SHA256: 4339550eb80dcaac2771ad85d4f26a9e6253e6c795405de95b612c0ae8311d0a
SHA512: 79421b5900eeed2ccd62c38e18ac404b00b4de6890918ccf1fead0db85c0967e1c8ed8a939371434a5e20e0cd76828db39850594402d062e463efcd02b0e0a6f