7315f7c2f5aa05465579cf75721ed2eb6a4537ae0bcbefd3955487be9c3dde9b

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
09/03/2024, 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc06b185b2ebe77da0eceefabb34e406.exe
Size

1.6MB
MD5

bc06b185b2ebe77da0eceefabb34e406
SHA1

1548f7b54492dd35d6dd8ab8fb772fc8ff837cb8
SHA256

7315f7c2f5aa05465579cf75721ed2eb6a4537ae0bcbefd3955487be9c3dde9b
SHA512

c63768a60de07b0ff50d02b751493a76970ffe4e3f4a28e369d77e6844bd684281dbc17acdeded4fd2ac2c992d8ea5ab51fa4f52b9a065bfe0a951d4912c83da
SSDEEP

24576:n4sz1a4PlLjOZjzeU1LHR0V9q9GNdHT231mfmK3zKq96BfQpV4QKSvEvkMY0gYGY:FPXOJzeaHqV9eGzzjXp7JsT26tMc

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2540	bc06b185b2ebe77da0eceefabb34e406.exe

Executes dropped EXE 1 IoCs

pid	Process
2540	bc06b185b2ebe77da0eceefabb34e406.exe

Loads dropped DLL 1 IoCs

pid	Process
2292	bc06b185b2ebe77da0eceefabb34e406.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2292	bc06b185b2ebe77da0eceefabb34e406.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2292	bc06b185b2ebe77da0eceefabb34e406.exe
2540	bc06b185b2ebe77da0eceefabb34e406.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2540	2292	bc06b185b2ebe77da0eceefabb34e406.exe	28
PID 2292 wrote to memory of 2540	2292	bc06b185b2ebe77da0eceefabb34e406.exe	28
PID 2292 wrote to memory of 2540	2292	bc06b185b2ebe77da0eceefabb34e406.exe	28
PID 2292 wrote to memory of 2540	2292	bc06b185b2ebe77da0eceefabb34e406.exe	28

C:\Users\Admin\AppData\Local\Temp\bc06b185b2ebe77da0eceefabb34e406.exe
"C:\Users\Admin\AppData\Local\Temp\bc06b185b2ebe77da0eceefabb34e406.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Users\Admin\AppData\Local\Temp\bc06b185b2ebe77da0eceefabb34e406.exe
  C:\Users\Admin\AppData\Local\Temp\bc06b185b2ebe77da0eceefabb34e406.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bc06b185b2ebe77da0eceefabb34e406.exe

Filesize
802KB

MD5
3e73baffd3c67a098e626cc9600b3904

SHA1
ff410020bc19f4983bb2405ead5b5cc92fdac86d

SHA256
2b8d326b02e329700ff63d9b65ba2a8aa68baf070acfc0c64e3e8f43595bab27

SHA512
b07f30a43e55d18d0a8f3d38c372df4740589e051f2df55f8beaba41682ae1adc887eeb2062417d756343b638b5f27a5c521cf104bd4fbb30c597b5e174867fd

Download Submit
\Users\Admin\AppData\Local\Temp\bc06b185b2ebe77da0eceefabb34e406.exe

Filesize
1.6MB

MD5
9b87929aacc4de066dc5b4bf400703f4

SHA1
64bbb2ae634a24454ae04b880090cc261d0d867f

SHA256
5afa4e606d3275e43e77f7829e3c1338f320300d29e00557e6eb5a525b69cdd9

SHA512
83d7c0e02aa0388dffb7a17a6f0cc3f630466c1ddc3f7eb43f2fd91092f2aba6a32646c6cd8995bb0fd871179775d0e256b23b8a43115fb56b5b01360bf6314e

Download Submit
memory/2292-0-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/2292-1-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/2292-2-0x0000000001AD0000-0x0000000001F47000-memory.dmp

Filesize
4.5MB

Download
memory/2292-13-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/2292-14-0x00000000039F0000-0x0000000003E67000-memory.dmp

Filesize
4.5MB

Download
memory/2540-16-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/2540-18-0x0000000001AD0000-0x0000000001F47000-memory.dmp

Filesize
4.5MB

Download
memory/2540-20-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/2540-23-0x0000000000400000-0x0000000000640000-memory.dmp

Filesize
2.2MB

Download
memory/2540-24-0x00000000038B0000-0x0000000003AFD000-memory.dmp

Filesize
2.3MB

Download