Analysis
max time kernel: 146s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/03/2024, 03:01
Static task: static1
Behavioral task: behavioral1
  Sample: bd7fbe0fb9779fc37cb8db35af940ff7.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: bd7fbe0fb9779fc37cb8db35af940ff7.exe
  Resource: win10v2004-20240226-en
General
Target: bd7fbe0fb9779fc37cb8db35af940ff7.exe
Size: 385KB
MD5: bd7fbe0fb9779fc37cb8db35af940ff7
SHA1: e2561a8d659f1622c71e9186bcd69d8c0d08f730
SHA256: 6c45349d56e900ae3c3d993e89373422df323d177fd3e167b501aaad440e6a1e
SHA512: f4632f97f3fffe45cdaec277a58d010352065a9752d4c41d5abfe518ed06cc32ecbd64f976dfc46d08e30bb39799ba71a25c0b1cd7d6b3061620c7c6bd77409c
SSDEEP: 12288:vl1HqdgyguV2Nhvw6ANZN7B+MI+IKAubQB:vTHqdgyIvANH7si7jQB
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid   Process
  4768  bd7fbe0fb9779fc37cb8db35af940ff7.exe
Executes dropped EXE (1 IoCs)
  pid   Process
  4768  bd7fbe0fb9779fc37cb8db35af940ff7.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  flow  ioc
  16    pastebin.com
  17    pastebin.com
Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  4240  bd7fbe0fb9779fc37cb8db35af940ff7.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  4240  bd7fbe0fb9779fc37cb8db35af940ff7.exe
  4768  bd7fbe0fb9779fc37cb8db35af940ff7.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                                procid_target
  PID 4240 wrote to memory of 4768   4240  bd7fbe0fb9779fc37cb8db35af940ff7.exe   88
  PID 4240 wrote to memory of 4768   4240  bd7fbe0fb9779fc37cb8db35af940ff7.exe   88
  PID 4240 wrote to memory of 4768   4240  bd7fbe0fb9779fc37cb8db35af940ff7.exe   88
Processes
1. C:\Users\Admin\AppData\Local\Temp\bd7fbe0fb9779fc37cb8db35af940ff7.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\bd7fbe0fb9779fc37cb8db35af940ff7.exe"
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   PID: 4240
   2. C:\Users\Admin\AppData\Local\Temp\bd7fbe0fb9779fc37cb8db35af940ff7.exe (child of PID 4240)
      Command line: C:\Users\Admin\AppData\Local\Temp\bd7fbe0fb9779fc37cb8db35af940ff7.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
      PID: 4768
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 385KB
MD5: 8ed5ec58b8ae5b4855de19a663bfe186
SHA1: 713735745eb6d965a78c6debb8f63d79d5fb241c
SHA256: a9ee953ac9293fdfba41d3e7f9f900ab3f442be7ce68eb8341df875ee4eec4f5
SHA512: 98e23eeb7341bba21e138304bec43b4ae1229c5430c139fd28f544b0bf326d74942e3ae9fd37875117c865b6b05fd008ad5008175da45cdb17ccf1518cbce841