Analysis
max time kernel: 90s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted: 12/03/2024, 12:14
Behavioral task
behavioral1
Sample
c3582b05c1ee2ef091cb1b9e0d4235a6.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
c3582b05c1ee2ef091cb1b9e0d4235a6.exe
Resource
win10v2004-20231215-en
General
-
Target
c3582b05c1ee2ef091cb1b9e0d4235a6.exe
-
Size
2.7MB
-
MD5
c3582b05c1ee2ef091cb1b9e0d4235a6
-
SHA1
f1d7b2cf142b99608870561be5996c61be06e30f
-
SHA256
a5e6cef0100b016ada33f9a543643d2f7f67652f87ecd3681bb194ffe9bf5c22
-
SHA512
300b0214df0f93b0614f31a37571700cd989ba2b68817fe2a7778bd152b8964201614242c5e23d662f042b5bbf98056fc6fb3b23182f738d4a7731bb2b840788
-
SSDEEP
49152:UlSJVlG5MyeY1X7aMJxWRCdIVxSN+CMt4El72W/vKbb//0Sw6j7CSwzBNTyMcp:UwK5MzY1LakWQixSNLMt4EMWabb//0Sn
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process
468 c3582b05c1ee2ef091cb1b9e0d4235a6.exe
-
Executes dropped EXE 1 IoCs
pid Process
468 c3582b05c1ee2ef091cb1b9e0d4235a6.exe
-
resource yara_rule
behavioral2/memory/4712-0-0x0000000000400000-0x00000000008EF000-memory.dmp upx
behavioral2/files/0x000f000000023163-11.dat upx
-
Suspicious behavior: RenamesItself 1 IoCs
pid Process
4712 c3582b05c1ee2ef091cb1b9e0d4235a6.exe
-
Suspicious use of UnmapMainImage 2 IoCs
pid Process
4712 c3582b05c1ee2ef091cb1b9e0d4235a6.exe
468 c3582b05c1ee2ef091cb1b9e0d4235a6.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 4712 wrote to memory of 468 4712 c3582b05c1ee2ef091cb1b9e0d4235a6.exe 85
PID 4712 wrote to memory of 468 4712 c3582b05c1ee2ef091cb1b9e0d4235a6.exe 85
PID 4712 wrote to memory of 468 4712 c3582b05c1ee2ef091cb1b9e0d4235a6.exe 85
Processes
-
C:\Users\Admin\AppData\Local\Temp\c3582b05c1ee2ef091cb1b9e0d4235a6.exe "C:\Users\Admin\AppData\Local\Temp\c3582b05c1ee2ef091cb1b9e0d4235a6.exe" 1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4712 -
C:\Users\Admin\AppData\Local\Temp\c3582b05c1ee2ef091cb1b9e0d4235a6.exe C:\Users\Admin\AppData\Local\Temp\c3582b05c1ee2ef091cb1b9e0d4235a6.exe 2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:468
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
583KB
MD5
1477bee96cacf54952afc40077935f0f
SHA1
8eaba2ea24e76aed09935a216a2df78e047d8b59
SHA256
356f299d918bf5b70648d7250ef247b64511878ac4715636ed0ffbe88e1abf5a
SHA512
08b07a18cf1b7853bb4bc23aa8c78701c8649176003795780ae7614f55fd06cbbcdb75afffdc12101b461a15a1b4b1cf929fb3f856c60afc4a6079e60d7b40ee