Analysis
- max time kernel: 148s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07-03-2024 19:37
Behavioral task behavioral1
- Sample: b97eb20d9cd4df21c713866e51e2aff3.exe
- Resource: win7-20240221-en
Behavioral task behavioral2
- Sample: b97eb20d9cd4df21c713866e51e2aff3.exe
- Resource: win10v2004-20240226-en
General
- Target: b97eb20d9cd4df21c713866e51e2aff3.exe
- Size: 5.3MB
- MD5: b97eb20d9cd4df21c713866e51e2aff3
- SHA1: 3e59b574b543e60e4842fc2df208b78e85cb5916
- SHA256: 1015ea42f955bb7d199d166800a1831ffda77e2bf81535880fef0cb2f877e614
- SHA512: 17cf26a872c4a5978f55ce36da14d70eb78f93ca398703c5542efd374bdf1a780614ea664603844a5f16eb29ddd8af66048f71b36c7f496c05937593820bf711
- SSDEEP: 98304:i3+wQB/D3aG8Ml6y34qm29a3c59gsHYikPTPd8BiBfBaFqm29a3c59gsHYikp:U+wSeab8uZgHXd8+BaxuZgHF
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 4548, Process b97eb20d9cd4df21c713866e51e2aff3.exe
- Executes dropped EXE (1 IoCs)
  pid 4548, Process b97eb20d9cd4df21c713866e51e2aff3.exe
- yara_rule matches (resource: rule)
  behavioral2/memory/4408-0-0x0000000000400000-0x00000000008EF000-memory.dmp: upx
  behavioral2/files/0x000e00000002313e-11.dat: upx
  behavioral2/memory/4548-12-0x0000000000400000-0x00000000008EF000-memory.dmp: upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 4408, Process b97eb20d9cd4df21c713866e51e2aff3.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 4408, Process b97eb20d9cd4df21c713866e51e2aff3.exe
  pid 4548, Process b97eb20d9cd4df21c713866e51e2aff3.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4408 wrote to memory of 4548; pid 4408; Process b97eb20d9cd4df21c713866e51e2aff3.exe; procid_target 89
  description: PID 4408 wrote to memory of 4548; pid 4408; Process b97eb20d9cd4df21c713866e51e2aff3.exe; procid_target 89
  description: PID 4408 wrote to memory of 4548; pid 4408; Process b97eb20d9cd4df21c713866e51e2aff3.exe; procid_target 89
Processes
- C:\Users\Admin\AppData\Local\Temp\b97eb20d9cd4df21c713866e51e2aff3.exe (level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\b97eb20d9cd4df21c713866e51e2aff3.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID: 4408
  - C:\Users\Admin\AppData\Local\Temp\b97eb20d9cd4df21c713866e51e2aff3.exe (level 2)
    Command line: C:\Users\Admin\AppData\Local\Temp\b97eb20d9cd4df21c713866e51e2aff3.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
    PID: 4548
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 5.3MB
  MD5: ef7e7c98a686fa07fb27511b4ec3ba59
  SHA1: 6f1c5b2a1fcd33100fca95a311793ce3d8a21ddb
  SHA256: 220b0fa0b7c792d21442a2766bb0a608735dbd61e3659f76d65a173802d42c20
  SHA512: c63b7155f1d54ebb01094503a6c4119a57971517b2b790a56c7cd78e1d1e09fa46860d5fa06d202bfddaefd4afee6b2f4b5af6472cdac9a57436f92e970a1086