Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09-03-2024 14:35
Behavioral task: behavioral1
- Sample: bc0d9b263316bb636f51b2776ed8d4a3.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: bc0d9b263316bb636f51b2776ed8d4a3.exe
- Resource: win10v2004-20240226-en
General
- Target: bc0d9b263316bb636f51b2776ed8d4a3.exe
- Size: 2.7MB
- MD5: bc0d9b263316bb636f51b2776ed8d4a3
- SHA1: 99432f1cd28f0f02be9b8d4768b061c38f89bae5
- SHA256: 1914124098ae620392080dc81fb97fe6025734316d772c3bab624703259176fa
- SHA512: 2f321503d36550f032d44c688f3ddc6f33c22cc277a5185d10a3e338cad8fd3b3a1a998b091eb3dfe145f071c13f45064bc9c244aea01f8a27b79bc4f5ebc96f
- SSDEEP: 49152:u3WxOP/4X6ixg8qaQ9nSoSS7IyCbxIEQADQsEp:u3/4qixg8qaQRSojeH79Ep
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid 964, Process bc0d9b263316bb636f51b2776ed8d4a3.exe
- Executes dropped EXE (1 IoC)
  pid 964, Process bc0d9b263316bb636f51b2776ed8d4a3.exe
- YARA rule matches (resource, yara_rule)
  behavioral2/memory/4676-0-0x0000000000400000-0x00000000008EF000-memory.dmp, rule upx
  behavioral2/files/0x000400000001e980-11.dat, rule upx
  behavioral2/memory/964-12-0x0000000000400000-0x00000000008EF000-memory.dmp, rule upx
- Suspicious behavior: RenamesItself (1 IoC)
  pid 4676, Process bc0d9b263316bb636f51b2776ed8d4a3.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 4676, Process bc0d9b263316bb636f51b2776ed8d4a3.exe
  pid 964, Process bc0d9b263316bb636f51b2776ed8d4a3.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4676 wrote to memory of 964 | 4676 | bc0d9b263316bb636f51b2776ed8d4a3.exe | 89
  PID 4676 wrote to memory of 964 | 4676 | bc0d9b263316bb636f51b2776ed8d4a3.exe | 89
  PID 4676 wrote to memory of 964 | 4676 | bc0d9b263316bb636f51b2776ed8d4a3.exe | 89
Processes
1. C:\Users\Admin\AppData\Local\Temp\bc0d9b263316bb636f51b2776ed8d4a3.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\bc0d9b263316bb636f51b2776ed8d4a3.exe"
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   PID: 4676
2. (child of process 1) C:\Users\Admin\AppData\Local\Temp\bc0d9b263316bb636f51b2776ed8d4a3.exe
   Command line: C:\Users\Admin\AppData\Local\Temp\bc0d9b263316bb636f51b2776ed8d4a3.exe
   - Deletes itself
   - Executes dropped EXE
   - Suspicious use of UnmapMainImage
   PID: 964
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 448KB
  MD5: 4ffe118d19c33f93efb11dbb77b1af44
  SHA1: aeb5987deffeda4faa35d08b387adcfed9b43688
  SHA256: 575394caae039c1b4309c9d03f04a47b04a904f5551d13b7bc6154b5e2119147
  SHA512: 5c0f0c8baca9fab177279dde546bd3b6da56ec67216f0df38bcc24e8316240a705b4379b442e0dd73b29102833ff6081732870f70549b1dfc829f98545e2094e