Analysis
- max time kernel: 151s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08-03-2024 11:25
Behavioral task behavioral1
- Sample: bb2525d88b207a9f40b513b1bce2d3a1.exe
- Resource: win7-20240221-en
Behavioral task behavioral2
- Sample: bb2525d88b207a9f40b513b1bce2d3a1.exe
- Resource: win10v2004-20240226-en
General
- Target: bb2525d88b207a9f40b513b1bce2d3a1.exe
- Size: 2.9MB
- MD5: bb2525d88b207a9f40b513b1bce2d3a1
- SHA1: 982bce9fac2c152a5939a85f0dc6651c9e1b0ac1
- SHA256: 000b8eeb58de61285a9f6f6f176a61bc26119db913d242c491e7db53cc9cf5df
- SHA512: 0f76a0f93059597dee76e39a4bd3f499c7dd39bed0c43f8bc9ea065c8dea65c71f7aefdaed32f7f38ad35d151271cdcbeaa30466cd0765c997357e0047d39e56
- SSDEEP: 49152:mTckNkYGinPjBSjxgAVStecc4FrK514mNhnN74NH5HUyNRcUsCVOzetdZJ:ofTGibyNV2Y51r4HBUCczzM3
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid   Process
  3776  bb2525d88b207a9f40b513b1bce2d3a1.exe
- Executes dropped EXE (1 IoCs)
  pid   Process
  3776  bb2525d88b207a9f40b513b1bce2d3a1.exe
- YARA rule matches
  resource                                                                     yara_rule
  behavioral2/memory/5104-0-0x0000000000400000-0x00000000008EF000-memory.dmp   upx
  behavioral2/files/0x00050000000224ff-11.dat                                  upx
  behavioral2/memory/3776-13-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  5104  bb2525d88b207a9f40b513b1bce2d3a1.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  5104  bb2525d88b207a9f40b513b1bce2d3a1.exe
  3776  bb2525d88b207a9f40b513b1bce2d3a1.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                               procid_target
  PID 5104 wrote to memory of 3776   5104  bb2525d88b207a9f40b513b1bce2d3a1.exe  88
  PID 5104 wrote to memory of 3776   5104  bb2525d88b207a9f40b513b1bce2d3a1.exe  88
  PID 5104 wrote to memory of 3776   5104  bb2525d88b207a9f40b513b1bce2d3a1.exe  88
Processes
- C:\Users\Admin\AppData\Local\Temp\bb2525d88b207a9f40b513b1bce2d3a1.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\bb2525d88b207a9f40b513b1bce2d3a1.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID: 5104
  - C:\Users\Admin\AppData\Local\Temp\bb2525d88b207a9f40b513b1bce2d3a1.exe (child process)
    Command line: C:\Users\Admin\AppData\Local\Temp\bb2525d88b207a9f40b513b1bce2d3a1.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
    PID: 3776
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 2.9MB
  MD5: 627e6d21a6ea4350a6b2bc98fe5da582
  SHA1: 2ff7b1a7f44804e185a26a47b3e09a7bc98848a9
  SHA256: 672f517fc886ed6be3afc245ce012895fa7537822db5a11402f04ac779960870
  SHA512: e182eae2142ecdbce3a3de18a593558d23f1dce3a3796162515afd724cac216e4969b958f6d6bd53b79d9cf669e5bd06e37222e0bac95887d16799e75462655a