Analysis
Max time kernel: 143s
Max time network: 148s
Platform: windows7_x64
Resource: win7-20240221-en
Resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
Submitted: 07-03-2024 12:10
Behavioral task behavioral1
Sample: b8b391dfda10a19f7dee154c7b4396dd.exe
Resource: win7-20240221-en
Behavioral task behavioral2
Sample: b8b391dfda10a19f7dee154c7b4396dd.exe
Resource: win10v2004-20240226-en
General
Target: b8b391dfda10a19f7dee154c7b4396dd.exe
Size: 2.7MB
MD5: b8b391dfda10a19f7dee154c7b4396dd
SHA1: dff59003c2a395493dcc3eecf38f74ae2aad9d93
SHA256: f43876d45e2792b4e94cc6b2ec125859ec51be4a22b8578aed2e92d073ea57c2
SHA512: 131a231c47054dce9fe1244ee886c566bac65e945260c9b2c951b8f7547a7a732c1dbdea295cbcac8bcfaa4f1219d5a0cb03d6b3ef69b5757f45e4749ea8b155
SSDEEP: 49152:fYIELe0g+0KGvizMy3dVcEk+naa71XkziW1LuXHmZGs/U:DELe9+HGUMy3dqZ+nJ0/9uXGZpU
Malware Config
Signatures
Deletes itself (1 IoC)
  PID 3060  Process b8b391dfda10a19f7dee154c7b4396dd.exe
Executes dropped EXE (1 IoC)
  PID 3060  Process b8b391dfda10a19f7dee154c7b4396dd.exe
Loads dropped DLL (1 IoC)
  PID 2352  Process b8b391dfda10a19f7dee154c7b4396dd.exe
YARA rule match: upx
  behavioral1/memory/2352-0-0x0000000000400000-0x000000000086A000-memory.dmp
  behavioral1/files/0x000d00000001225b-11.dat
Suspicious behavior: RenamesItself (1 IoC)
  PID 2352  Process b8b391dfda10a19f7dee154c7b4396dd.exe
Suspicious use of UnmapMainImage (2 IoCs)
  PID 2352  Process b8b391dfda10a19f7dee154c7b4396dd.exe
  PID 3060  Process b8b391dfda10a19f7dee154c7b4396dd.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  Description                       PID   Process                               procid_target
  PID 2352 wrote to memory of 3060  2352  b8b391dfda10a19f7dee154c7b4396dd.exe  28
  (the same entry is recorded four times)
Processes
1. C:\Users\Admin\AppData\Local\Temp\b8b391dfda10a19f7dee154c7b4396dd.exe (PID 2352)
   Command line: "C:\Users\Admin\AppData\Local\Temp\b8b391dfda10a19f7dee154c7b4396dd.exe"
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\b8b391dfda10a19f7dee154c7b4396dd.exe (PID 3060, child of PID 2352)
      Command line: C:\Users\Admin\AppData\Local\Temp\b8b391dfda10a19f7dee154c7b4396dd.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 2.7MB
MD5: d212e0985bdf8a948c75ad80b54b3d1e
SHA1: a998f735e7947720aa831cd0fdaeb4d93730577b
SHA256: da82100c83b5ef0acf2076a93ab2afd7ff50132306b5a78d313f2d7b7b21198c
SHA512: 49bb740ee0be891dee3249d536e0de8e08e35802366141180acf66887b424591bddc5f0ef8332ebd19cda6df12a833ecc3ea72dc0b8e953df1926bafa4945b94