Analysis
- max time kernel: 120s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 09-03-2024 13:15
Behavioral task
- behavioral1
  - Sample: bbe660a686e731e57019dcca9e7acd1a.exe
  - Resource: win7-20240221-en
General
- Target: bbe660a686e731e57019dcca9e7acd1a.exe
- Size: 2.9MB
- MD5: bbe660a686e731e57019dcca9e7acd1a
- SHA1: b1f2d1207f4deffc06f5a8d9d79f71d1c5f42795
- SHA256: 1d1f6158e002a614569cf732706563478c31c021ef35d6a6750c1301d2c6275c
- SHA512: d98750e053cac65cb78e3a093918ebbe11e6718dc3ee855bb91f8acf713d9f4819c2848d931127b39254e060906e27734dd29673d7e209bf38d744b2fbb7a03c
- SSDEEP: 49152:MdyeMiGX652zUI5Zkbx2kFko9Baj8BBT4SfcsUjoh48TyMPkXdwkyZ:MdyeGzv5ZkVVGoHau42c1joCjMPkNwk6
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid   Process
  2596  bbe660a686e731e57019dcca9e7acd1a.exe
- Executes dropped EXE (1 IoC)
  pid   Process
  2596  bbe660a686e731e57019dcca9e7acd1a.exe
- Loads dropped DLL (1 IoC)
  pid   Process
  2244  bbe660a686e731e57019dcca9e7acd1a.exe
- yara_rule matches
  resource                                                                     yara_rule
  behavioral1/memory/2244-0-0x0000000000400000-0x00000000008EF000-memory.dmp   upx
  behavioral1/files/0x000b00000001222a-10.dat                                  upx
  behavioral1/files/0x000b00000001222a-12.dat                                  upx
  behavioral1/memory/2244-15-0x00000000037F0000-0x0000000003CDF000-memory.dmp  upx
  behavioral1/memory/2596-17-0x0000000000400000-0x00000000008EF000-memory.dmp  upx
- Suspicious behavior: RenamesItself (1 IoC)
  pid   Process
  2244  bbe660a686e731e57019dcca9e7acd1a.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  2244  bbe660a686e731e57019dcca9e7acd1a.exe
  2596  bbe660a686e731e57019dcca9e7acd1a.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                               procid_target
  PID 2244 wrote to memory of 2596   2244  bbe660a686e731e57019dcca9e7acd1a.exe  28
  PID 2244 wrote to memory of 2596   2244  bbe660a686e731e57019dcca9e7acd1a.exe  28
  PID 2244 wrote to memory of 2596   2244  bbe660a686e731e57019dcca9e7acd1a.exe  28
  PID 2244 wrote to memory of 2596   2244  bbe660a686e731e57019dcca9e7acd1a.exe  28
Processes
- C:\Users\Admin\AppData\Local\Temp\bbe660a686e731e57019dcca9e7acd1a.exe (PID:2244, depth 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\bbe660a686e731e57019dcca9e7acd1a.exe"
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - child: C:\Users\Admin\AppData\Local\Temp\bbe660a686e731e57019dcca9e7acd1a.exe (PID:2596, depth 2)
    command line: C:\Users\Admin\AppData\Local\Temp\bbe660a686e731e57019dcca9e7acd1a.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.1MB
  MD5: 0b2746f1299e7e31ff373f11fc01d93c
  SHA1: 52c7eabd63fd67d789aeab695bcd4a5ed2896bc2
  SHA256: 3739933a3ff5b3a091a631151bfad375d74369c9522f84d4ac08578d76812d05
  SHA512: a50585bc50f8d9b90764fd0b6f564cf755c5b6bb9390ac5308eb70aef4a8499f63ae4fb34cf44cdf686b9ad2e223f32d54f54bd16167a910dd526d18c2409f03
- Filesize: 2.9MB
  MD5: f3bcdac031873b9fd86e38209df06183
  SHA1: 7ba09250d5c0cdd85fcff80d8dd8d94326ea2888
  SHA256: 1cdada868649df01f0600ed1252410957e5f6594d8d2015944fb7e7099815991
  SHA512: d3f5fcd7105cc04adb9fc3b5d612ff2fd348742380349f0bba92f2b0b91f0c2bf3d214973cb277ff29efda560387566494dc6c1542e826a74d07af4ff172fa0d