Analysis
-
max time kernel
170s -
max time network
184s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
12/03/2024, 19:05
Static task
static1
Behavioral task
behavioral1
Sample
c422181318394d0453378765d2f652e2.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c422181318394d0453378765d2f652e2.exe
Resource
win10v2004-20240226-en
General
-
Target
c422181318394d0453378765d2f652e2.exe
-
Size
82KB
-
MD5
c422181318394d0453378765d2f652e2
-
SHA1
558b0b619e6618d704177b3e784cce5deb28f554
-
SHA256
6e9a1d32587cdee9fa61b1f7404f626c457b88cc1d670bbc8c6d4dd53747835b
-
SHA512
c7cbd5263f78fc299fa9c9a3ebab172c61561334c3ef435e91a7894ce1f77bc977e4ae13fef0c7e9eac82833bb569438f3fe4ae009b1a52d8df9d7e81b82e8c8
-
SSDEEP
1536:ESQoWVaqZ83r/lP2rxgLpgo6mZ4geBW987tjxm6twYotaDShpYfq:APV1Z83r/VLYmZ4g987RNnWhifq
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid | Process
4188 | c422181318394d0453378765d2f652e2.exe
-
Executes dropped EXE 1 IoCs
pid | Process
4188 | c422181318394d0453378765d2f652e2.exe
-
Suspicious behavior: RenamesItself 1 IoCs
pid | Process
2896 | c422181318394d0453378765d2f652e2.exe
-
Suspicious use of UnmapMainImage 2 IoCs
pid | Process
2896 | c422181318394d0453378765d2f652e2.exe
4188 | c422181318394d0453378765d2f652e2.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 2896 wrote to memory of 4188 | 2896 | c422181318394d0453378765d2f652e2.exe | 89
PID 2896 wrote to memory of 4188 | 2896 | c422181318394d0453378765d2f652e2.exe | 89
PID 2896 wrote to memory of 4188 | 2896 | c422181318394d0453378765d2f652e2.exe | 89
Processes
-
C:\Users\Admin\AppData\Local\Temp\c422181318394d0453378765d2f652e2.exe
"C:\Users\Admin\AppData\Local\Temp\c422181318394d0453378765d2f652e2.exe"
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2896
-
  C:\Users\Admin\AppData\Local\Temp\c422181318394d0453378765d2f652e2.exe
  C:\Users\Admin\AppData\Local\Temp\c422181318394d0453378765d2f652e2.exe
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4188
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
82KB
MD5 67df1431c94319381eee0050e7f507e7
SHA1 62cdad57b0d7dd96e2b82b1a328ba38f028060e5
SHA256 0688f9d3830a2eb4fbfd13bc6a481a29cd722c72f59226f6474fcd538ecb5f1c
SHA512 e32684655ca47a6da5f06b798a45b8e03487c46c4be6ee03143fe95aa8483a4b23e5a2054196994d43071bb3cf39a742ff8ef9f723098161a4b765ba7b9d9bf1