498d703519e62cf84b899fbd4616375a1e6acdc375ec19cf4c6c9c044283c8ed

Analysis

max time kernel
166s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2024 17:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c67fd823978671af7da1332dbf3bf206.exe
Size

385KB
MD5

c67fd823978671af7da1332dbf3bf206
SHA1

affbbb86be0e45867786265d8440c8873a712c40
SHA256

498d703519e62cf84b899fbd4616375a1e6acdc375ec19cf4c6c9c044283c8ed
SHA512

fa21a720b7216c2743ff1edb3a16ed9bfcf0e247418e2ac3ef359db8eacbcdd37108c4f2c3da501bdefc446ed0b526d6dc19356576a1de9acce8298dd107c703
SSDEEP

12288:KlGFkIVFDCnv2ohIvVzdNuiumuAmrkMoB:4GScev2ohIvVTuiuj97oB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2548	c67fd823978671af7da1332dbf3bf206.exe

Executes dropped EXE 1 IoCs

pid	Process
2548	c67fd823978671af7da1332dbf3bf206.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
21	pastebin.com
28	pastebin.com

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2412	c67fd823978671af7da1332dbf3bf206.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2412	c67fd823978671af7da1332dbf3bf206.exe
2548	c67fd823978671af7da1332dbf3bf206.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 2548	2412	c67fd823978671af7da1332dbf3bf206.exe	96
PID 2412 wrote to memory of 2548	2412	c67fd823978671af7da1332dbf3bf206.exe	96
PID 2412 wrote to memory of 2548	2412	c67fd823978671af7da1332dbf3bf206.exe	96

C:\Users\Admin\AppData\Local\Temp\c67fd823978671af7da1332dbf3bf206.exe
"C:\Users\Admin\AppData\Local\Temp\c67fd823978671af7da1332dbf3bf206.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Users\Admin\AppData\Local\Temp\c67fd823978671af7da1332dbf3bf206.exe
  C:\Users\Admin\AppData\Local\Temp\c67fd823978671af7da1332dbf3bf206.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4080 --field-trial-handle=2432,i,12161922670941700748,3348345705955601576,262144 --variations-seed-version /prefetch:8
1⤵
PID:5040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c67fd823978671af7da1332dbf3bf206.exe

Filesize
385KB

MD5
c40d0083dc0f5587f5516a4aaa27e5a6

SHA1
8aa99dab2390d86decb0565c03f6354e651b4b68

SHA256
a638b3c95f2f449e0b543ac9c0b367d0bf0c3e8781d55bc233a0d7c1ebb782e8

SHA512
447ba364aefb869d02625a0c9bf319ff1593febceda873e5b2245a334eb65d0e3e7f5d5ba4a5f4a0fa0aab02d01cbe685d7d385d5f04393ee6c76005b6c06c57

Download Submit
memory/2412-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2412-1-0x0000000000180000-0x00000000001E6000-memory.dmp

Filesize
408KB

Download
memory/2412-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2412-11-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2548-13-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2548-14-0x00000000015B0000-0x0000000001616000-memory.dmp

Filesize
408KB

Download
memory/2548-20-0x0000000004E90000-0x0000000004EEF000-memory.dmp

Filesize
380KB

Download
memory/2548-21-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2548-30-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2548-35-0x000000000B600000-0x000000000B63C000-memory.dmp

Filesize
240KB

Download
memory/2548-36-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download