Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
10/03/2024, 16:31
Behavioral task
behavioral1
Sample
bf13a6c376b5a1496e188dd07a47dfbe.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
bf13a6c376b5a1496e188dd07a47dfbe.exe
Resource
win10v2004-20240226-en
General
-
Target
bf13a6c376b5a1496e188dd07a47dfbe.exe
-
Size
1.3MB
-
MD5
bf13a6c376b5a1496e188dd07a47dfbe
-
SHA1
4fb44812189a6a7685437de91361482c5fd469ed
-
SHA256
2ae7a48bcf7930076298cd9a181de3bc83effe79699eea4e17cac316ec02dd25
-
SHA512
a48ef8c77bb1ffb026666eed717b72a074254481cfd7833d0fa9c9176c0d6659689f16e9b2c3af3b0daad4f51bc12c570474a1885655811cfe7d03dda10576e5
-
SSDEEP
24576:zE3BsSSdWQXZgzGdhH7nmNmZtr+HObuHzrzNSqOUbXXBVgePcNUd09dEU9/9Us:zE3iBdWQXukJmN0eOizrzYkLxp0R9j
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid 1612  process bf13a6c376b5a1496e188dd07a47dfbe.exe -
Executes dropped EXE 1 IoCs
pid 1612  process bf13a6c376b5a1496e188dd07a47dfbe.exe -
resource                                                                      yara_rule
behavioral2/memory/2112-0-0x0000000000400000-0x00000000008E7000-memory.dmp    upx
behavioral2/files/0x000700000001e59e-11.dat                                   upx
behavioral2/memory/1612-13-0x0000000000400000-0x00000000008E7000-memory.dmp   upx -
Suspicious behavior: RenamesItself 1 IoCs
pid 2112  process bf13a6c376b5a1496e188dd07a47dfbe.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid 2112  process bf13a6c376b5a1496e188dd07a47dfbe.exe
pid 1612  process bf13a6c376b5a1496e188dd07a47dfbe.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description                       pid   process                                  procid_target
PID 2112 wrote to memory of 1612  2112  bf13a6c376b5a1496e188dd07a47dfbe.exe   88
PID 2112 wrote to memory of 1612  2112  bf13a6c376b5a1496e188dd07a47dfbe.exe   88
PID 2112 wrote to memory of 1612  2112  bf13a6c376b5a1496e188dd07a47dfbe.exe   88
Processes
-
C:\Users\Admin\AppData\Local\Temp\bf13a6c376b5a1496e188dd07a47dfbe.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\bf13a6c376b5a1496e188dd07a47dfbe.exe"
  PID: 2112
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  -
    C:\Users\Admin\AppData\Local\Temp\bf13a6c376b5a1496e188dd07a47dfbe.exe
      command line: C:\Users\Admin\AppData\Local\Temp\bf13a6c376b5a1496e188dd07a47dfbe.exe
      PID: 1612 (child of PID 2112)
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
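The signatures and process tree above describe one chain: PID 2112 renames itself, launches a second copy of the same image (PID 1612), writes into that child's memory three times, both processes unmap their main image, and the child then deletes the original and runs the dropped copy. The script below is an added example, not part of the sandbox report or its tooling: it correlates event records of this shape into that chain and surfaces the packed memory range shared by both PIDs. The event dictionaries are constructed from the report's own IoC values (the sandbox's export schema is not shown on the page), and the rule combination (same image name, cross-process write, UnmapMainImage on both sides, identical UPX-flagged region) is this example's assumption about what makes the pair worth flagging.

```python
"""Correlate sandbox IoC records into a parent/child self-replacement chain.

Added example. Event records are constructed from the report's Signatures
tables; the schema and the rule thresholds are assumptions, not the sandbox's.
"""
import re
from dataclasses import dataclass, field

EXE = "bf13a6c376b5a1496e188dd07a47dfbe.exe"

# Constructed from the report's IoC tables (illustrative schema).
EVENTS = [
    {"sig": "RenamesItself",      "pid": 2112, "image": EXE},
    {"sig": "UnmapMainImage",     "pid": 2112, "image": EXE},
    {"sig": "WriteProcessMemory", "pid": 2112, "image": EXE, "target": 1612},
    {"sig": "WriteProcessMemory", "pid": 2112, "image": EXE, "target": 1612},
    {"sig": "WriteProcessMemory", "pid": 2112, "image": EXE, "target": 1612},
    {"sig": "ExecutesDroppedEXE", "pid": 1612, "image": EXE},
    {"sig": "DeletesItself",      "pid": 1612, "image": EXE},
    {"sig": "UnmapMainImage",     "pid": 1612, "image": EXE},
]

# Resource names copied from the report's yara "upx" hits.
YARA_HITS = [
    "behavioral2/memory/2112-0-0x0000000000400000-0x00000000008E7000-memory.dmp",
    "behavioral2/files/0x000700000001e59e-11.dat",
    "behavioral2/memory/1612-13-0x0000000000400000-0x00000000008E7000-memory.dmp",
]

# <pid>-<seq>-0x<start>-0x<end>-memory.dmp, as in the report's dump names.
DUMP_RE = re.compile(
    r"memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


@dataclass
class Proc:
    pid: int
    image: str
    sigs: set = field(default_factory=set)
    write_targets: dict = field(default_factory=dict)  # target pid -> count


def build_procs(events):
    """Fold per-signature records into one Proc per PID."""
    procs = {}
    for ev in events:
        proc = procs.setdefault(ev["pid"], Proc(ev["pid"], ev["image"]))
        proc.sigs.add(ev["sig"])
        if ev["sig"] == "WriteProcessMemory":
            tgt = ev["target"]
            proc.write_targets[tgt] = proc.write_targets.get(tgt, 0) + 1
    return procs


def upx_regions(hits):
    """Map pid -> (start, end) for every memory dump the upx rule matched."""
    regions = {}
    for hit in hits:
        m = DUMP_RE.search(hit)
        if m:
            regions[int(m.group(1))] = (int(m.group(2), 16), int(m.group(3), 16))
    return regions


def find_self_replacement(procs, regions):
    """(writer, target) pairs where a process wrote into another process that
    runs the same image name, both unmapped their main image, and both carry
    a packed region at the same address range (assumed rule combination)."""
    pairs = []
    for p in procs.values():
        for tgt in p.write_targets:
            c = procs.get(tgt)
            if c is None or c.image.lower() != p.image.lower():
                continue
            if "UnmapMainImage" not in p.sigs or "UnmapMainImage" not in c.sigs:
                continue
            if p.pid not in regions or regions[p.pid] != regions.get(c.pid):
                continue
            pairs.append((p.pid, c.pid))
    return pairs


def triage(events, hits):
    """One finding per chain, with the child's cleanup signatures attached."""
    procs = build_procs(events)
    regions = upx_regions(hits)
    findings = []
    for parent, child in find_self_replacement(procs, regions):
        cleanup = sorted(procs[child].sigs & {"DeletesItself", "ExecutesDroppedEXE"})
        findings.append({
            "parent": parent,
            "child": child,
            "writes": procs[parent].write_targets[child],
            "child_cleanup": cleanup,
            "packed_range": regions[child],
        })
    return findings


if __name__ == "__main__":
    for f in triage(EVENTS, YARA_HITS):
        print(f)
```

The region check matters more than it looks: the dropped file under files/ carries no address, so the rule relies on the two memory dumps sharing 0x400000-0x8E7000 to argue that PID 1612 is a re-executed copy of the same packed image rather than an unrelated process that merely shares a filename.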
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
1.3MB
MD5 5df50e9840687018919753aa39ce7b2d
SHA1 478f5389e897bc0cb1f87ad225b16e7aa6da10b1
SHA256 0cd004294f8ba5cc37a7c81fc144a52536273fe7253fe3f54724fa9b8c4598e2
SHA512 c8638dc9a862ad5ef6b83ceba0428754d555812598f500d007c43ea28d3e8f54449816b9aeac4349caf2473d47a21b53ef3eb327a79f497baa8a66ee04dcbf89