Analysis
- max time kernel: 121s
- max time network: 143s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 08-03-2024 10:32
Behavioral task: behavioral1
- Sample: bb0982a7bf4ecdb5667e1171e1ef13b1.exe
- Resource: win7-20240221-en
General
- Target: bb0982a7bf4ecdb5667e1171e1ef13b1.exe
- Size: 5.8MB
- MD5: bb0982a7bf4ecdb5667e1171e1ef13b1
- SHA1: 8c88a025d0094b2849b9a7fb631b780d66e347d5
- SHA256: 444c9ae8d83115c237f19855d81f86eca9b893daa56623b3d47d6c6a75efd849
- SHA512: 27724bcde5df8e5222a947802216fa1bfb1acc9cd9e5d00ee8ed6512f68463058ecc21780d7b4071b855c2f077d574cda8b00053e21cdc5bbaab4ac69747efb9
- SSDEEP: 98304:AyoFJ4xdPpWDyswREHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwv:AyVoDEmauq1jI86FA7y2auq1jI86
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid 2060, Process bb0982a7bf4ecdb5667e1171e1ef13b1.exe
- Executes dropped EXE (1 IoCs)
  pid 2060, Process bb0982a7bf4ecdb5667e1171e1ef13b1.exe
- Loads dropped DLL (1 IoCs)
  pid 2928, Process bb0982a7bf4ecdb5667e1171e1ef13b1.exe
- yara_rule matches (resource, rule):
  behavioral1/memory/2928-0-0x0000000000400000-0x00000000008EF000-memory.dmp, upx
  behavioral1/files/0x000f000000012241-10.dat, upx
  behavioral1/files/0x000f000000012241-14.dat, upx
  behavioral1/memory/2060-15-0x0000000000400000-0x00000000008EF000-memory.dmp, upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid 2928, Process bb0982a7bf4ecdb5667e1171e1ef13b1.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2928, Process bb0982a7bf4ecdb5667e1171e1ef13b1.exe
  pid 2060, Process bb0982a7bf4ecdb5667e1171e1ef13b1.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2928 wrote to memory of 2060; pid 2928; Process bb0982a7bf4ecdb5667e1171e1ef13b1.exe; procid_target 28
  description: PID 2928 wrote to memory of 2060; pid 2928; Process bb0982a7bf4ecdb5667e1171e1ef13b1.exe; procid_target 28
  description: PID 2928 wrote to memory of 2060; pid 2928; Process bb0982a7bf4ecdb5667e1171e1ef13b1.exe; procid_target 28
  description: PID 2928 wrote to memory of 2060; pid 2928; Process bb0982a7bf4ecdb5667e1171e1ef13b1.exe; procid_target 28
Processes
- C:\Users\Admin\AppData\Local\Temp\bb0982a7bf4ecdb5667e1171e1ef13b1.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\bb0982a7bf4ecdb5667e1171e1ef13b1.exe"
  PID: 2928
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Users\Admin\AppData\Local\Temp\bb0982a7bf4ecdb5667e1171e1ef13b1.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\bb0982a7bf4ecdb5667e1171e1ef13b1.exe
    PID: 2060
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 2.4MB
  MD5: 5e976356abb22f9f0184077fc43f5e04
  SHA1: fcd3327364d201cbc180dc1c99c1a9f8ea1288d5
  SHA256: 4978c07012cf53bd126143226899290050fdc4dfb3f1ac4545aa6de72ab26801
  SHA512: b7bfaa2499529ba2586d5bd2a89309321b0ebf96977565185dea0eeac41f94e81d0a0c12a2e600a37f4faafef6b38a0203658e2414e2a3caf18f2fefd2bdc00b
- Filesize: 1.7MB
  MD5: 32deb3c1c87296d57d9cb9550234fdfe
  SHA1: c93ac191ec87598412c60c1ae80af3e7d8077fe6
  SHA256: 0fa2414c88a3fb9faec30b4412f6b6d77e65e90a3a8cc2a9d0f0b1ba9c949076
  SHA512: 04fb41a3920d8a0a35c8fd085738add6f6c13976b755a50271210e1f4c2fda70a8ce86fb62a27a2b57967dd10fef79d0bedcb8dcce0a951ea53c7c923017bb51