02ca4e9be871b6bd21136efc96809374a2dbf7422072d8ec5c477b9cb7c3661a

Analysis

max time kernel
165s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 10:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c05f92828f414facf0b44887e1eef05d.exe
Size

771KB
MD5

c05f92828f414facf0b44887e1eef05d
SHA1

e1dda6ca6919bf862731146fe74a05abaefb78e9
SHA256

02ca4e9be871b6bd21136efc96809374a2dbf7422072d8ec5c477b9cb7c3661a
SHA512

d346a5afc8dda45a18236f5d8d8fa1fc0673070a9d672cdac142b53c3c70c8c92acfb91c05d819caa0bc06c86b71d0be8ab702d4ce6a6a8012e8e3f88fb084f5
SSDEEP

24576:FeBLDQQD2VXSRjUCrsb10hJaothZ2/T6FBBB:y/ICrG/ofT

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2052	c05f92828f414facf0b44887e1eef05d.exe

Executes dropped EXE 1 IoCs

pid	Process
2052	c05f92828f414facf0b44887e1eef05d.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
41	pastebin.com
42	pastebin.com

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4708	c05f92828f414facf0b44887e1eef05d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4708	c05f92828f414facf0b44887e1eef05d.exe
2052	c05f92828f414facf0b44887e1eef05d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 2052	4708	c05f92828f414facf0b44887e1eef05d.exe	97
PID 4708 wrote to memory of 2052	4708	c05f92828f414facf0b44887e1eef05d.exe	97
PID 4708 wrote to memory of 2052	4708	c05f92828f414facf0b44887e1eef05d.exe	97

C:\Users\Admin\AppData\Local\Temp\c05f92828f414facf0b44887e1eef05d.exe
"C:\Users\Admin\AppData\Local\Temp\c05f92828f414facf0b44887e1eef05d.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Users\Admin\AppData\Local\Temp\c05f92828f414facf0b44887e1eef05d.exe
  C:\Users\Admin\AppData\Local\Temp\c05f92828f414facf0b44887e1eef05d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4256 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
1⤵
PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c05f92828f414facf0b44887e1eef05d.exe

Filesize
771KB

MD5
0016cfc2977bae7e17d8ee35569349d7

SHA1
4574ebc12234d5b983dfb87c709826e7085fa032

SHA256
16c62fb5eefb1ae553a69e7f79a37096e2c9dcd2e0434e88c9eee227b56341fb

SHA512
0482a64c029d2997973d0d7d55c59bbf3e347f80f2c99316bcf981d672c8378bfdf764781f1090784abe554d7502dc22882091b7cce79530817ac627c7eb97ce

Download Submit
memory/2052-13-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2052-14-0x00000000015A0000-0x0000000001606000-memory.dmp

Filesize
408KB

Download
memory/2052-20-0x0000000004E90000-0x0000000004EEF000-memory.dmp

Filesize
380KB

Download
memory/2052-21-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2052-32-0x000000000B600000-0x000000000B63C000-memory.dmp

Filesize
240KB

Download
memory/2052-30-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2052-36-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4708-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4708-1-0x00000000014D0000-0x0000000001536000-memory.dmp

Filesize
408KB

Download
memory/4708-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4708-11-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download