3b417161cb065eb9e8f5ff60b623d4ec2c112850264268f3cd0071aa7482be7b

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 06:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bdda72e1e2d02c9ebb0a3a7f13a3974e.exe
Size

385KB
MD5

bdda72e1e2d02c9ebb0a3a7f13a3974e
SHA1

9d19ce8509a67d1fac0f7ab9cd75f316ed65cd3d
SHA256

3b417161cb065eb9e8f5ff60b623d4ec2c112850264268f3cd0071aa7482be7b
SHA512

785b43939b9a1c7ed1a69c75522f40d2d0edc3c2f92d4930a5c7fc2a57d65a5ef781ed4f08f667344153f1b8b182b7b82e2fd14f75fb73408fab21f55e53928d
SSDEEP

6144:0zM8/PW4I8DOAOpA/Ih+I/04vKbapIg/+qxiecKPdQ/71cXJ6YVAqWWwCF9MmyIp:QMuPW4EqAhb1KepXwAQJLWIHIB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1216	bdda72e1e2d02c9ebb0a3a7f13a3974e.exe

Executes dropped EXE 1 IoCs

pid	Process
1216	bdda72e1e2d02c9ebb0a3a7f13a3974e.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
31	pastebin.com
32	pastebin.com

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3432	bdda72e1e2d02c9ebb0a3a7f13a3974e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3432	bdda72e1e2d02c9ebb0a3a7f13a3974e.exe
1216	bdda72e1e2d02c9ebb0a3a7f13a3974e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3432 wrote to memory of 1216	3432	bdda72e1e2d02c9ebb0a3a7f13a3974e.exe	96
PID 3432 wrote to memory of 1216	3432	bdda72e1e2d02c9ebb0a3a7f13a3974e.exe	96
PID 3432 wrote to memory of 1216	3432	bdda72e1e2d02c9ebb0a3a7f13a3974e.exe	96

C:\Users\Admin\AppData\Local\Temp\bdda72e1e2d02c9ebb0a3a7f13a3974e.exe
"C:\Users\Admin\AppData\Local\Temp\bdda72e1e2d02c9ebb0a3a7f13a3974e.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3432
- C:\Users\Admin\AppData\Local\Temp\bdda72e1e2d02c9ebb0a3a7f13a3974e.exe
  C:\Users\Admin\AppData\Local\Temp\bdda72e1e2d02c9ebb0a3a7f13a3974e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
1⤵
PID:4156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bdda72e1e2d02c9ebb0a3a7f13a3974e.exe

Filesize
385KB

MD5
df68c49e1b697f81ebb800d6fe49c1a6

SHA1
55a9a6e6fca5be82750eaefd33289b29876170d5

SHA256
18e8de67c8305b84c7fa3e125a3c0034e97f6a23e259ba932c4854f3f1b9e3e3

SHA512
7d4406e7f489f8581f2557d41cbc82ac0b2c515d9020d1dd3278aefab317db335367891eb53b8f1cf11fc507b95da199d4a85e9168789f5ef86e68c54e52fd8a

Download Submit
memory/1216-13-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1216-14-0x0000000000150000-0x00000000001B6000-memory.dmp

Filesize
408KB

Download
memory/1216-20-0x0000000004E90000-0x0000000004EEF000-memory.dmp

Filesize
380KB

Download
memory/1216-21-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1216-30-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1216-33-0x000000000C640000-0x000000000C67C000-memory.dmp

Filesize
240KB

Download
memory/1216-36-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3432-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3432-1-0x00000000014D0000-0x0000000001536000-memory.dmp

Filesize
408KB

Download
memory/3432-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3432-11-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download