Analysis
- max time kernel: 117s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 08-03-2024 11:25
Behavioral task: behavioral1
- Sample: bb2525d88b207a9f40b513b1bce2d3a1.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: bb2525d88b207a9f40b513b1bce2d3a1.exe
- Resource: win10v2004-20240226-en
General
- Target: bb2525d88b207a9f40b513b1bce2d3a1.exe
- Size: 2.9MB
- MD5: bb2525d88b207a9f40b513b1bce2d3a1
- SHA1: 982bce9fac2c152a5939a85f0dc6651c9e1b0ac1
- SHA256: 000b8eeb58de61285a9f6f6f176a61bc26119db913d242c491e7db53cc9cf5df
- SHA512: 0f76a0f93059597dee76e39a4bd3f499c7dd39bed0c43f8bc9ea065c8dea65c71f7aefdaed32f7f38ad35d151271cdcbeaa30466cd0765c997357e0047d39e56
- SSDEEP: 49152:mTckNkYGinPjBSjxgAVStecc4FrK514mNhnN74NH5HUyNRcUsCVOzetdZJ:ofTGibyNV2Y51r4HBUCczzM3
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 2360, process bb2525d88b207a9f40b513b1bce2d3a1.exe
- Executes dropped EXE (1 IoC)
  pid 2360, process bb2525d88b207a9f40b513b1bce2d3a1.exe
- Loads dropped DLL (1 IoC)
  pid 1704, process bb2525d88b207a9f40b513b1bce2d3a1.exe
- yara_rule upx (4 resources)
  behavioral1/memory/1704-0-0x0000000000400000-0x00000000008EF000-memory.dmp
  behavioral1/files/0x000b000000012257-10.dat
  behavioral1/files/0x000b000000012257-15.dat
  behavioral1/memory/2360-16-0x0000000000400000-0x00000000008EF000-memory.dmp
- Suspicious behavior: RenamesItself (1 IoC)
  pid 1704, process bb2525d88b207a9f40b513b1bce2d3a1.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 1704, process bb2525d88b207a9f40b513b1bce2d3a1.exe
  pid 2360, process bb2525d88b207a9f40b513b1bce2d3a1.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 1704 wrote to memory of 2360; pid 1704, process bb2525d88b207a9f40b513b1bce2d3a1.exe, procid_target 28 (reported 4 times)
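The Signatures section lists each IoC as a run-on line, and the process relationships only become visible once the WriteProcessMemory entries, the yara_rule hits and the process tree are read together. The following Python script is an added example, not code from the report or from the sandbox vendor: it parses the WriteProcessMemory and yara_rule lines in the shape they appear on this page into structured records and joins them with the parent/child and image data from the Processes section. The regular expressions are written against this page's line layout only, the PROCESSES table is constructed from the Processes section, and the field names returned by analyse() are this example's own choice.

```python
"""Rebuild the process relationships described by a flattened sandbox report.

Added example for reading this page's Signatures section; it is not code from
the sandbox vendor. The regexes are written against the line shapes on this
page only; treating them as a general report format is an assumption.
"""
import re
from collections import defaultdict

# Constructed input: the two IoC lines from this report, copied as one string
# each (the page runs several IoCs together on a single line).
WPM_LINE = (
    "PID 1704 wrote to memory of 2360 1704 bb2525d88b207a9f40b513b1bce2d3a1.exe 28 "
    "PID 1704 wrote to memory of 2360 1704 bb2525d88b207a9f40b513b1bce2d3a1.exe 28 "
    "PID 1704 wrote to memory of 2360 1704 bb2525d88b207a9f40b513b1bce2d3a1.exe 28 "
    "PID 1704 wrote to memory of 2360 1704 bb2525d88b207a9f40b513b1bce2d3a1.exe 28"
)
YARA_LINE = (
    "behavioral1/memory/1704-0-0x0000000000400000-0x00000000008EF000-memory.dmp upx "
    "behavioral1/files/0x000b000000012257-10.dat upx "
    "behavioral1/files/0x000b000000012257-15.dat upx "
    "behavioral1/memory/2360-16-0x0000000000400000-0x00000000008EF000-memory.dmp upx"
)
# Constructed from the Processes section: pid -> image name and parent pid.
PROCESSES = {
    1704: {"image": "bb2525d88b207a9f40b513b1bce2d3a1.exe", "parent": None},
    2360: {"image": "bb2525d88b207a9f40b513b1bce2d3a1.exe", "parent": 1704},
}

# Shape: "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"
WPM_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) (?P<image>\S+) (?P<target>\d+)"
)
# Shape: "<task>/memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp <rule>"
MEM_RE = re.compile(
    r"(?P<task>\w+)/memory/(?P<pid>\d+)-(?P<n>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp (?P<rule>\w+)"
)
# Shape: "<task>/files/<name> <rule>"
FILE_RE = re.compile(r"(?P<task>\w+)/files/(?P<name>\S+) (?P<rule>\w+)")


def parse_wpm(line):
    """Return (src_pid, dst_pid, image, procid_target) per WriteProcessMemory IoC."""
    return [(int(m["src"]), int(m["dst"]), m["image"], int(m["target"]))
            for m in WPM_RE.finditer(line)]


def parse_yara(line):
    """Split yara_rule hits into memory-region hits and dropped-file hits."""
    memory = [{"pid": int(m["pid"]), "start": int(m["start"], 16),
               "end": int(m["end"], 16), "rule": m["rule"]}
              for m in MEM_RE.finditer(line)]
    files = [{"name": m["name"], "rule": m["rule"]} for m in FILE_RE.finditer(line)]
    return {"memory": memory, "files": files}


def analyse(wpm_line, yara_line, processes):
    """One finding per (writer, target) pair: how often the writer touched the
    target, whether the target is its child running the same image name, and
    which of the two processes had a packer rule fire on a memory region."""
    writes = defaultdict(int)
    for src, dst, _image, _target in parse_wpm(wpm_line):
        writes[(src, dst)] += 1
    hits = parse_yara(yara_line)
    findings = []
    for (src, dst), count in sorted(writes.items()):
        packed = sorted({h["pid"] for h in hits["memory"] if h["pid"] in (src, dst)})
        findings.append({
            "writer": src,
            "target": dst,
            "write_count": count,
            "same_image": processes[src]["image"] == processes[dst]["image"],
            "target_is_child": processes[dst]["parent"] == src,
            "packed_pids": packed,
            "dropped_files": [f["name"] for f in hits["files"]],
        })
    return findings


if __name__ == "__main__":
    for finding in analyse(WPM_LINE, YARA_LINE, PROCESSES):
        print(finding)
```

For this report the script yields a single finding: PID 1704 wrote four times to PID 2360, its child, both running the same image name, with the upx rule firing on the 0x400000-0x8EF000 region of both processes. The two dropped-file hits on the same 0x000b000000012257 resource are carried along so the reader can line them up with the "Executes dropped EXE" and "Loads dropped DLL" signatures.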
Processes
- C:\Users\Admin\AppData\Local\Temp\bb2525d88b207a9f40b513b1bce2d3a1.exe (PID 1704, depth 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\bb2525d88b207a9f40b513b1bce2d3a1.exe"
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\bb2525d88b207a9f40b513b1bce2d3a1.exe (PID 2360, depth 2, child of PID 1704)
    command line: C:\Users\Admin\AppData\Local\Temp\bb2525d88b207a9f40b513b1bce2d3a1.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 147KB
- MD5: 126cb022df332e78e572890efe28ddf5
- SHA1: 5cc4f7e82f086d5094113f8bd668cc4769e8b94c
- SHA256: 1f7b8313b3655583ce182260f1057d3044c107f305e4844d927da889b68c3d68
- SHA512: fef0024c95e05356e6898974e502d1c5bf6c46d35fed27f38c98ef9e32c2f9de0c8a27e2612278a3e1971b8a9cd7e31f89144f834878abe03d28f26678506d74