Analysis
- max time kernel: 121s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 07/03/2024, 20:22
Behavioral task behavioral1
- Sample: b991d982faec019c8a027c1c16133209.exe
- Resource: win7-20240221-en
Behavioral task behavioral2
- Sample: b991d982faec019c8a027c1c16133209.exe
- Resource: win10v2004-20240226-en
General
- Target: b991d982faec019c8a027c1c16133209.exe
- Size: 1.3MB
- MD5: b991d982faec019c8a027c1c16133209
- SHA1: 4e27c162315b663f96b4699a7ad2036dce597fff
- SHA256: f29eb8f721ee3210dfcdbb7245c36ca05d72f78e9182e72e745de78870bf8d97
- SHA512: db7e0d5282e9a8d2a952f3b64e45adaf19d04defe5a17b0daeed854d660b50790c738d7884d7b972386b97b0069ae89366ed646dc8ed5a50f8c4a7de08c53714
- SSDEEP: 24576:fcxj8Oixz03mk5D6wrnZ3dfWcrtMFjnEeh0NOb6rcvG:fcxIOszrOFrnZ3VWcrtMZEU
Malware Config
Signatures
- Deletes itself (1 IoC)
  PID 2744, process b991d982faec019c8a027c1c16133209.exe
- Executes dropped EXE (1 IoC)
  PID 2744, process b991d982faec019c8a027c1c16133209.exe
- Loads dropped DLL (1 IoC)
  PID 2204, process b991d982faec019c8a027c1c16133209.exe
- YARA rule "upx" matched on the following resources:
  behavioral1/memory/2204-0-0x0000000000400000-0x000000000086A000-memory.dmp
  behavioral1/files/0x000b000000012257-11.dat
- Suspicious behavior: RenamesItself (1 IoC)
  PID 2204, process b991d982faec019c8a027c1c16133209.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  PID 2204, process b991d982faec019c8a027c1c16133209.exe
  PID 2744, process b991d982faec019c8a027c1c16133209.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | process | procid_target
  PID 2204 wrote to memory of 2744 | 2204 | b991d982faec019c8a027c1c16133209.exe | 28
  PID 2204 wrote to memory of 2744 | 2204 | b991d982faec019c8a027c1c16133209.exe | 28
  PID 2204 wrote to memory of 2744 | 2204 | b991d982faec019c8a027c1c16133209.exe | 28
  PID 2204 wrote to memory of 2744 | 2204 | b991d982faec019c8a027c1c16133209.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\b991d982faec019c8a027c1c16133209.exe (PID 2204)
  command line: "C:\Users\Admin\AppData\Local\Temp\b991d982faec019c8a027c1c16133209.exe"
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\b991d982faec019c8a027c1c16133209.exe (PID 2744, child of PID 2204)
    command line: C:\Users\Admin\AppData\Local\Temp\b991d982faec019c8a027c1c16133209.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.3MB
  MD5: 6c61492e0dce1d158cd8e5b86a6ab47e
  SHA1: 1a5c05b30b86791a0dfa50c01b23e29f2775fd6a
  SHA256: d3b6bb0824a011260d5d03e6e5a7a17a4a84bef0e05380c244b4b67b01bd6e94
  SHA512: 8da61f5360eae4e1b0165059cd63a73cb7d2043af0108b01a993d01bfdba2bde00b6a0ef1d6e3623be32c3929a37e8af4127098cd93b95f125d54eb99e27fc7e