Analysis
max time kernel: 148s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-03-2024 17:13
Behavioral task: behavioral1
Sample: bc5bf8f1b628a7a66b77b585b176457f.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: bc5bf8f1b628a7a66b77b585b176457f.exe
Resource: win10v2004-20240226-en
General
Target: bc5bf8f1b628a7a66b77b585b176457f.exe
Size: 2.7MB
MD5: bc5bf8f1b628a7a66b77b585b176457f
SHA1: 22a95c03404a21412039bf5e85a82f9aec362719
SHA256: 733ef03c87ac6d0ea07b0f3fa208cb17878dafdac14ef9c69595121579ca5d80
SHA512: 256e58715ef684b76f7cac6edd9c56e061bf3ffe0e1b723d23db3fab8fb162369b16bb4b965f4fd1612bb96d6cef5539a478346838db5318449fcbb790901303
SSDEEP: 49152:SynDWiL2LIMFyHjE4OtBr4t5sR9b3Wtdaf/wEwJDMya/QP8llF7g4R9j:Jnx28Mntut5sHAaffwJDMya/QPug4Hj
Malware Config
Signatures
Deletes itself (1 IoC)
  pid   Process
  64    bc5bf8f1b628a7a66b77b585b176457f.exe
Executes dropped EXE (1 IoC)
  pid   Process
  64    bc5bf8f1b628a7a66b77b585b176457f.exe
yara_rule upx matched (2 IoCs)
  resource                                                                    yara_rule
  behavioral2/memory/4808-0-0x0000000000400000-0x00000000008E7000-memory.dmp   upx
  behavioral2/files/0x000700000001ebc7-12.dat                                 upx
Suspicious behavior: RenamesItself (1 IoC)
  pid   Process
  4808  bc5bf8f1b628a7a66b77b585b176457f.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  4808  bc5bf8f1b628a7a66b77b585b176457f.exe
  64    bc5bf8f1b628a7a66b77b585b176457f.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                      pid   Process                                 procid_target
  PID 4808 wrote to memory of 64   4808  bc5bf8f1b628a7a66b77b585b176457f.exe   88
  PID 4808 wrote to memory of 64   4808  bc5bf8f1b628a7a66b77b585b176457f.exe   88
  PID 4808 wrote to memory of 64   4808  bc5bf8f1b628a7a66b77b585b176457f.exe   88
Processes
1. C:\Users\Admin\AppData\Local\Temp\bc5bf8f1b628a7a66b77b585b176457f.exe (PID 4808)
   Command line: "C:\Users\Admin\AppData\Local\Temp\bc5bf8f1b628a7a66b77b585b176457f.exe"
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\bc5bf8f1b628a7a66b77b585b176457f.exe (PID 64, child of 4808)
      Command line: C:\Users\Admin\AppData\Local\Temp\bc5bf8f1b628a7a66b77b585b176457f.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
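The process tree and signatures above describe one chain: the sample renames its own image, re-launches the same path as a child (PID 4808 spawning PID 64), writes into the child's memory, and the child deletes the original. The following is an added example, not part of the sandbox report or the sample, showing how to detect that chain over a process-event stream. The event records are constructed to mirror the report; the field names, the parent PID 1000 and the ".tmp" rename target are assumptions (the report says only "RenamesItself"). A cmd.exe-spawns-cmd.exe pair is included as benign noise to show why the memory write and the delete, not just the same-image spawn, are required.

```python
"""Detect the self-re-execution chain from the report: a process re-launches its
own image, writes into the child's memory, and the child deletes the original.
Added example with a constructed event stream; not sandbox output."""
from __future__ import annotations

IMG = r"C:\Users\Admin\AppData\Local\Temp\bc5bf8f1b628a7a66b77b585b176457f.exe"

# Constructed events modelled on the report's process tree and signatures.
# Assumptions: parent PID 1000, the ".tmp" rename target, and the field names.
EVENTS = [
    {"seq": 1, "op": "ProcessCreate", "pid": 4808, "ppid": 1000, "image": IMG},
    {"seq": 2, "op": "FileRename", "pid": 4808, "src": IMG, "dst": IMG + ".tmp"},
    {"seq": 3, "op": "ProcessCreate", "pid": 64, "ppid": 4808, "image": IMG},
    {"seq": 4, "op": "WriteProcessMemory", "pid": 4808, "target_pid": 64},
    {"seq": 5, "op": "WriteProcessMemory", "pid": 4808, "target_pid": 64},
    {"seq": 6, "op": "FileDelete", "pid": 64, "path": IMG + ".tmp"},
    # Benign noise: same-image parent/child with no memory write and no delete.
    {"seq": 7, "op": "ProcessCreate", "pid": 900, "ppid": 1000,
     "image": r"C:\Windows\System32\cmd.exe"},
    {"seq": 8, "op": "ProcessCreate", "pid": 901, "ppid": 900,
     "image": r"C:\Windows\System32\cmd.exe"},
]


def detect_self_reexec_chain(events: list[dict]) -> list[dict]:
    """Return one finding per (parent, child) pair that meets all three stages.

    Stage 1: the child's image path equals its parent's image path.
    Stage 2: the parent performs WriteProcessMemory on the child after the spawn.
    Stage 3: after that write, the child or parent deletes the parent's original
             image or a file the parent had renamed its own image to.
    """
    events = sorted(events, key=lambda e: e["seq"])
    image_of: dict[int, str] = {}
    renamed_to: dict[int, set[str]] = {}  # pid -> paths its own image was renamed to

    for ev in events:
        if ev["op"] == "ProcessCreate":
            image_of[ev["pid"]] = ev["image"]
        elif ev["op"] == "FileRename":
            # Only a rename of the process's own image counts as "renames itself".
            if ev["src"].lower() == image_of.get(ev["pid"], "").lower():
                renamed_to.setdefault(ev["pid"], set()).add(ev["dst"].lower())

    findings = []
    for ev in events:
        if ev["op"] != "ProcessCreate":
            continue
        child, parent = ev["pid"], ev["ppid"]
        if parent not in image_of or image_of[parent].lower() != ev["image"].lower():
            continue  # stage 1 not met
        spawn_seq = ev["seq"]
        writes = [e for e in events
                  if e["op"] == "WriteProcessMemory" and e["pid"] == parent
                  and e["target_pid"] == child and e["seq"] > spawn_seq]
        if not writes:
            continue  # stage 2 not met
        suspect_paths = {image_of[parent].lower()} | renamed_to.get(parent, set())
        deletes = [e for e in events
                   if e["op"] == "FileDelete" and e["pid"] in (parent, child)
                   and e["path"].lower() in suspect_paths
                   and e["seq"] > writes[0]["seq"]]
        if not deletes:
            continue  # stage 3 not met
        findings.append({
            "parent_pid": parent,
            "child_pid": child,
            "image": image_of[parent],
            "memory_writes": len(writes),
            "evidence_seqs": [spawn_seq] + [w["seq"] for w in writes]
                             + [d["seq"] for d in deletes],
        })
    return findings


if __name__ == "__main__":
    for f in detect_self_reexec_chain(EVENTS):
        print(f"parent {f['parent_pid']} -> child {f['child_pid']}: {f['image']} "
              f"({f['memory_writes']} memory writes, events {f['evidence_seqs']})")
```

On the constructed stream this yields a single finding for the 4808 -> 64 pair with two memory writes; dropping either the WriteProcessMemory events or the FileDelete event yields no finding, which is the point of requiring all three stages rather than alerting on a same-image spawn alone.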
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 2.7MB
MD5: 98acac1585fa5ffe1e32d9cef9930c25
SHA1: 6a4416a4d5e201fde86018d674ef5e37586b3079
SHA256: 862c6cb9db5edab8cf513d24529876f8c5875eff0c463c628ff64db9b73eb886
SHA512: 7083125fe332cb94b789cfab6b9c39920fd410299c03c49f6e6ca9c680be7d9dc71d3c78964e2b995790d42bdaf924619152c9f6f6533bf95fbea6a0ac5ee754