Analysis
max time kernel: 118s
max time network: 121s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 08-03-2024 00:47
Behavioral task behavioral1
  Sample: ba180590786db12ec1080fee2516aca4.exe
  Resource: win7-20240215-en
Behavioral task behavioral2
  Sample: ba180590786db12ec1080fee2516aca4.exe
  Resource: win10v2004-20231215-en
General
Target: ba180590786db12ec1080fee2516aca4.exe
Size: 5.3MB
MD5: ba180590786db12ec1080fee2516aca4
SHA1: 5070f71c8f34f303c1677161b7b616f3cea80dd8
SHA256: 7a90fa5cef6cf8a4ecf36ff8cbeef7f1b40386c08a7b6b51a9c0238df9bec61b
SHA512: 86c7fe85668a3986050f68343e1634ed258ad9e84a4b486dd280fb3afe9bc8bd3f082b5792b4148edf8bf85e4d4b6d0bd8aca4e23c3dd7143fd2ad38f7f6105e
SSDEEP: 98304:LAfhnsQ2gdWhgd6H158sipz/vx69i4ukVTvojhlwF2mo6B7d58sipz/vx69i4ukf:Lin7zWa6HX8si9/vx69iquMhDf8si9/W
Malware Config
Signatures
Deletes itself (1 IoC)
  PID 2128  ba180590786db12ec1080fee2516aca4.exe
Executes dropped EXE (1 IoC)
  PID 2128  ba180590786db12ec1080fee2516aca4.exe
Loads dropped DLL (1 IoC)
  PID 2352  ba180590786db12ec1080fee2516aca4.exe
YARA rule match: upx (3 resources)
  behavioral1/memory/2352-0-0x0000000000400000-0x00000000008EF000-memory.dmp
  behavioral1/files/0x000a000000012252-15.dat
  behavioral1/files/0x000a000000012252-10.dat
Suspicious behavior: RenamesItself (1 IoC)
  PID 2352  ba180590786db12ec1080fee2516aca4.exe
Suspicious use of UnmapMainImage (2 IoCs)
  PID 2352  ba180590786db12ec1080fee2516aca4.exe
  PID 2128  ba180590786db12ec1080fee2516aca4.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                                procid_target
  PID 2352 wrote to memory of 2128   2352  ba180590786db12ec1080fee2516aca4.exe   29
  (the same row is recorded four times)
Processes
-
C:\Users\Admin\AppData\Local\Temp\ba180590786db12ec1080fee2516aca4.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\ba180590786db12ec1080fee2516aca4.exe"
  PID: 2352
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\ba180590786db12ec1080fee2516aca4.exe (depth 2, child of PID 2352)
    Command line: C:\Users\Admin\AppData\Local\Temp\ba180590786db12ec1080fee2516aca4.exe
    PID: 2128
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
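The Signatures rows and the Downloads hashes are easier to reason about once they are re-parsed into per-PID behaviour and a writer-to-target graph. The script below is an added example written for this report; it is not code from the sandbox vendor or from any analysis of this sample. The rows it embeds are transcribed from this page, and its reading of "WriteProcessMemory into a child that then shows UnmapMainImage" as a process-hollowing lead is a triage heuristic of the editor's, not a verdict the report makes.

```python
import re
from collections import defaultdict

SAMPLE_IMAGE = "ba180590786db12ec1080fee2516aca4.exe"
SAMPLE_SHA256 = "7a90fa5cef6cf8a4ecf36ff8cbeef7f1b40386c08a7b6b51a9c0238df9bec61b"

# Signature rows transcribed from the report above: (signature, pid, image).
SIGNATURE_ROWS = [
    ("Deletes itself", 2128, SAMPLE_IMAGE),
    ("Executes dropped EXE", 2128, SAMPLE_IMAGE),
    ("Loads dropped DLL", 2352, SAMPLE_IMAGE),
    ("Suspicious behavior: RenamesItself", 2352, SAMPLE_IMAGE),
    ("Suspicious use of UnmapMainImage", 2352, SAMPLE_IMAGE),
    ("Suspicious use of UnmapMainImage", 2128, SAMPLE_IMAGE),
]

# The four WriteProcessMemory rows as the page flattens them onto one line.
WRITE_ROWS = ("PID 2352 wrote to memory of 2128 2352 " + SAMPLE_IMAGE + " 29 ") * 4

# SHA256 of the two files listed under Downloads, keyed by the size shown there.
DOWNLOADS = {
    "5.1MB": "239e83971f3438be57d1a7d1f326fd7c5ff176e5746425dde1e2551eff84a55f",
    "5.3MB": "30ba31e725313075f79c85efc18cd28741a56f353e2b34d2aecfd78c2a140aed",
}

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def parse_write_events(text):
    """Return one (writer_pid, target_pid) tuple per WriteProcessMemory row."""
    return [(int(w), int(t)) for w, t in WRITE_RE.findall(text)]


def index_rows(rows):
    """Group signature names by PID and remember each PID's image name."""
    sigs = defaultdict(set)
    images = {}
    for sig, pid, image in rows:
        sigs[pid].add(sig)
        images[pid] = image
    return sigs, images


def hollowing_candidates(rows, write_text):
    """Flag writer->target pairs where the writer put bytes into the target and the
    target unmapped its own main image. That pairing is what a sandbox records for the
    classic hollowing sequence (spawn suspended, NtUnmapViewOfSection on the child's
    image, WriteProcessMemory of a replacement image). The rows do not prove ordering,
    so a hit is a lead to confirm in the memory dump, not a verdict."""
    sigs, images = index_rows(rows)
    writes = defaultdict(int)
    for writer, target in parse_write_events(write_text):
        writes[(writer, target)] += 1
    findings = []
    for (writer, target), n in sorted(writes.items()):
        target_sigs = sigs.get(target, set())
        if "Suspicious use of UnmapMainImage" not in target_sigs:
            continue
        findings.append({
            "writer": writer,
            "target": target,
            "writes": n,
            # Same image on both sides: the sample injected into a copy of itself.
            "same_image": writer in images and images[writer] == images.get(target),
            "target_runs_dropped_exe": "Executes dropped EXE" in target_sigs,
            "target_deletes_itself": "Deletes itself" in target_sigs,
        })
    return findings


def compare_dropped_to_sample(downloads, sample_sha256):
    """True for each dropped file that is byte-identical to the submitted sample.
    A file with the sample's size but a different hash is a rewritten copy, which
    decides whether indicators must cover the dropped hash as well as the submitted one."""
    return {label: sha.lower() == sample_sha256.lower() for label, sha in downloads.items()}


if __name__ == "__main__":
    for f in hollowing_candidates(SIGNATURE_ROWS, WRITE_ROWS):
        print(f"writer {f['writer']} -> target {f['target']}: {f['writes']} writes, "
              f"same image: {f['same_image']}")
    print(compare_dropped_to_sample(DOWNLOADS, SAMPLE_SHA256))
```

Run as a script it reports one pair, 2352 writing into 2128 four times with both sides sharing the sample's image name, and shows that neither file under Downloads matches the submission's SHA256, even though the 5.3MB one matches its size. Indicators built from this report should therefore carry all three hashes, and the memory dump listed under the upx rule match is where to confirm what 2128 actually executed after its main image was unmapped.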
Network
MITRE ATT&CK Matrix
Downloads
File 1
  Filesize: 5.1MB
  MD5: 3f8ecf328bae68d4d5de52a38c1082b6
  SHA1: 2df57e09262d768deafdeeee4e195dc896150001
  SHA256: 239e83971f3438be57d1a7d1f326fd7c5ff176e5746425dde1e2551eff84a55f
  SHA512: cd58011deed87cc912d957499bd11043b009b1d5215c0d147d435082f1e9c637b223221720ab61a9ca9ca7f66c695597c8e03eded8e162d3c0c30e0ec0ab7c2a
File 2
  Filesize: 5.3MB
  MD5: 390b6ccf4bffcf0dbbcb23743d13b7be
  SHA1: 8dcd70099e700d50310608d04c168982927df72c
  SHA256: 30ba31e725313075f79c85efc18cd28741a56f353e2b34d2aecfd78c2a140aed
  SHA512: 3ec2a2d13938d520af919dedb9a881cf92818abce7f9d8b5eed2bbe5c17cfc10c763712d192a2446956825c0fb8273bce4441143c24ff9b6bf74742aac00987d