d498f46bc4ecf17cddfea38b8d1374e77189bbdf236fbc48ca9dbf702748cd6b

Analysis

max time kernel
122s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 13:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c8c22c938d6634c65517072e20a6b730.exe
Size

771KB
MD5

c8c22c938d6634c65517072e20a6b730
SHA1

b34277c331cfaf9658ef2c3acb38a7dabd09dab4
SHA256

d498f46bc4ecf17cddfea38b8d1374e77189bbdf236fbc48ca9dbf702748cd6b
SHA512

82c09a44333a88491490c9abb8f8455787be696369b011af5b3d65daaa00978a6bb531c0b1328ac87f7e3b1c76e5c34d878457aa5a0435d664ecec99d4a20ca2
SSDEEP

12288:tU3hzHC33J6A28YDMMgOShpH3s+vP6BJb10VHmDXTuFaa2AtyGTKOF25ZoJJyhRY:toC3xYIlsWYJb10hJaothZ2/T6FBBB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1148	c8c22c938d6634c65517072e20a6b730.exe

Executes dropped EXE 1 IoCs

pid	Process
1148	c8c22c938d6634c65517072e20a6b730.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
25	pastebin.com
26	pastebin.com

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1352	c8c22c938d6634c65517072e20a6b730.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1352	c8c22c938d6634c65517072e20a6b730.exe
1148	c8c22c938d6634c65517072e20a6b730.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 1148	1352	c8c22c938d6634c65517072e20a6b730.exe	98
PID 1352 wrote to memory of 1148	1352	c8c22c938d6634c65517072e20a6b730.exe	98
PID 1352 wrote to memory of 1148	1352	c8c22c938d6634c65517072e20a6b730.exe	98

C:\Users\Admin\AppData\Local\Temp\c8c22c938d6634c65517072e20a6b730.exe
"C:\Users\Admin\AppData\Local\Temp\c8c22c938d6634c65517072e20a6b730.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Users\Admin\AppData\Local\Temp\c8c22c938d6634c65517072e20a6b730.exe
  C:\Users\Admin\AppData\Local\Temp\c8c22c938d6634c65517072e20a6b730.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2268 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:1764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c8c22c938d6634c65517072e20a6b730.exe

Filesize
771KB

MD5
760f6a2ed2298236a5e8f0a1510f5206

SHA1
f47b0b420deaf53875c1a22a307990ebae5b68de

SHA256
188bc188193940d3ddf3d3c3dbb1eec5240340efa89349db8fa8d21a57fcd398

SHA512
f1267c61071b8aafc48cbf48e9b54ab85f2a9e73550cd6afbfbae2dd2a4a8810c89114e2fe6e3cb32cfbb49898fafe737cf78b9b7593a646d08390ae458eb977

Download Submit
memory/1148-13-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1148-14-0x0000000001470000-0x00000000014D6000-memory.dmp

Filesize
408KB

Download
memory/1148-20-0x0000000004F00000-0x0000000004F5F000-memory.dmp

Filesize
380KB

Download
memory/1148-21-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1148-30-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1148-35-0x000000000B600000-0x000000000B63C000-memory.dmp

Filesize
240KB

Download
memory/1148-36-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1352-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1352-1-0x0000000001470000-0x00000000014D6000-memory.dmp

Filesize
408KB

Download
memory/1352-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/1352-11-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download