Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/03/2024, 07:01
Behavioral task: behavioral1
- Sample: c7fdfa8910cadbda5374bf06fbb50651.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: c7fdfa8910cadbda5374bf06fbb50651.exe
- Resource: win10v2004-20240226-en
General
- Target: c7fdfa8910cadbda5374bf06fbb50651.exe
- Size: 11.7MB
- MD5: c7fdfa8910cadbda5374bf06fbb50651
- SHA1: ddb1cc0f8de3cde0aea48d24d13e44eae0c777bf
- SHA256: cde3ff060b68c3183026a9e34d5b46eca793a9da925cb636fa2bd56157e0de24
- SHA512: ad08da7937636a89007248feed55bbf759bb10150dabb7a412c2487e81477a564f5427cf8d015f30a3525f682c1cdf70c3e88791f8df3615ad7fb84510c9e717
- SSDEEP: 196608:OKqlh8/WCOu7xLCWCQY4D5PjKWCOu7xLCWC:OBl0UuVLChM5LKUuVLC
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid | Process
  4672 | c7fdfa8910cadbda5374bf06fbb50651.exe
- Executes dropped EXE (1 IoC)
  pid | Process
  4672 | c7fdfa8910cadbda5374bf06fbb50651.exe
- YARA rule matches
  resource | yara_rule
  behavioral2/memory/2852-0-0x0000000000400000-0x00000000008EF000-memory.dmp | upx
  behavioral2/files/0x000300000001e9a0-11.dat | upx
- Suspicious behavior: RenamesItself (1 IoC)
  pid | Process
  2852 | c7fdfa8910cadbda5374bf06fbb50651.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid | Process
  2852 | c7fdfa8910cadbda5374bf06fbb50651.exe
  4672 | c7fdfa8910cadbda5374bf06fbb50651.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2852 wrote to memory of 4672 | 2852 | c7fdfa8910cadbda5374bf06fbb50651.exe | 89
  PID 2852 wrote to memory of 4672 | 2852 | c7fdfa8910cadbda5374bf06fbb50651.exe | 89
  PID 2852 wrote to memory of 4672 | 2852 | c7fdfa8910cadbda5374bf06fbb50651.exe | 89
Processes
1. C:\Users\Admin\AppData\Local\Temp\c7fdfa8910cadbda5374bf06fbb50651.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\c7fdfa8910cadbda5374bf06fbb50651.exe"
   PID: 2852
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\c7fdfa8910cadbda5374bf06fbb50651.exe (child of PID 2852)
      Command line: C:\Users\Admin\AppData\Local\Temp\c7fdfa8910cadbda5374bf06fbb50651.exe
      PID: 4672
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 896KB
- MD5: ba1cd60f9a53e5ffdf726ef4945e52be
- SHA1: 6773b7534745310e88a5e8204547e0741d35e62e
- SHA256: 881ddc464ee68af61c121c661fd1f9cda70aa28ca2ddd4ed21c0e4f7074426a9
- SHA512: 9fa70ef72a47c5d85c5d6f4a52e1a39698048370700911872f078623a3262fa18885ff1721d2ba36a40f303ebb1dee91519c757d5519589edf417dd746b5f7ce