Analysis

max time kernel: 90s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/03/2024, 19:40
Static task: static1

Behavioral task: behavioral1
  Sample: c16eb08f855513ae5a3f4c71434a4741.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: c16eb08f855513ae5a3f4c71434a4741.exe
  Resource: win10v2004-20231215-en
General

Target: c16eb08f855513ae5a3f4c71434a4741.exe
Size: 385KB
MD5: c16eb08f855513ae5a3f4c71434a4741
SHA1: 31d10377c23107be7cb8735f5f5bef5cefa6f5c6
SHA256: 11110b49e161716c50adde110982142018ccdc69cbbbe2d9fd3b1582934d49c9
SHA512: 4d9ae6861a0377bb9581e32afc9057bc802b9cab6dca37d57a9d5513c01891b081b9a7b2dc88e0005ea73f39afbe3875a756ad3ebc3de33ffee99a65eb1b4577
SSDEEP: 12288:S/H7LS0eDvabzdSf4zs1UWaSwZNzyYyqbUzmVjsB:2qiH8Qzs1WSeQYjbUAIB
Malware Config

Signatures

Deletes itself (1 IoC)
  pid   Process
  3324  c16eb08f855513ae5a3f4c71434a4741.exe

Executes dropped EXE (1 IoC)
  pid   Process
  3324  c16eb08f855513ae5a3f4c71434a4741.exe

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  flow  ioc
  6     pastebin.com
  8     pastebin.com

Suspicious behavior: RenamesItself (1 IoC)
  pid   Process
  3372  c16eb08f855513ae5a3f4c71434a4741.exe

Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  3372  c16eb08f855513ae5a3f4c71434a4741.exe
  3324  c16eb08f855513ae5a3f4c71434a4741.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                    pid   Process                               procid_target
  PID 3372 wrote to memory of 3324  3372  c16eb08f855513ae5a3f4c71434a4741.exe  84
  PID 3372 wrote to memory of 3324  3372  c16eb08f855513ae5a3f4c71434a4741.exe  84
  PID 3372 wrote to memory of 3324  3372  c16eb08f855513ae5a3f4c71434a4741.exe  84
Processes

1. C:\Users\Admin\AppData\Local\Temp\c16eb08f855513ae5a3f4c71434a4741.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\c16eb08f855513ae5a3f4c71434a4741.exe"
   PID: 3372
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\c16eb08f855513ae5a3f4c71434a4741.exe (child of PID 3372)
      Command line: C:\Users\Admin\AppData\Local\Temp\c16eb08f855513ae5a3f4c71434a4741.exe
      PID: 3324
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 385KB
MD5: ac3b113213a86ca2929560283c19b21c
SHA1: b1d1255218da9c55c497ae19eb5596e4bd253aaa
SHA256: f12647e62b7f59130da8bb6f720a4b28b9be518e48f6587df1fb03edf953ee39
SHA512: 05a5d6390f14a90744818849d4d11e771f97bcd6ac9cd579c922019ef7b50dc53690c3c968af3a739c66f13e3568a9a89a19e12ce935ee9fdc23d9ff1939e143