9092d5ba942b873ce70d3c359a71fbdfc9f65aa97fd74827f992c3dbf44799e7

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 23:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc8865342eb2a853de0346c7a9cafe12.exe
Size

385KB
MD5

cc8865342eb2a853de0346c7a9cafe12
SHA1

e78c491c770c0fbf66f182d321c63d9d1ed824e1
SHA256

9092d5ba942b873ce70d3c359a71fbdfc9f65aa97fd74827f992c3dbf44799e7
SHA512

1cb2183d6ca8dc7ce0a0eb02747a0dd885e45c8475ba3cbf0874bdc1b26d870b156d5d0090e1dfbb79c9e266e38ccf4e10809b3febf53b402f533b9237a07a3b
SSDEEP

6144:2CEnm7nLsVzt2Zq5c0lxFpoAQJYTaa24Uxm4D9Ww/D0t8SZ1CZ1jnjYE+AB:22LsVR2g5cKPIYM4C9r/HmCZr+AB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
4600	cc8865342eb2a853de0346c7a9cafe12.exe

Executes dropped EXE 1 IoCs

pid	Process
4600	cc8865342eb2a853de0346c7a9cafe12.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
26	pastebin.com
27	pastebin.com

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4548	cc8865342eb2a853de0346c7a9cafe12.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4548	cc8865342eb2a853de0346c7a9cafe12.exe
4600	cc8865342eb2a853de0346c7a9cafe12.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 4600	4548	cc8865342eb2a853de0346c7a9cafe12.exe	96
PID 4548 wrote to memory of 4600	4548	cc8865342eb2a853de0346c7a9cafe12.exe	96
PID 4548 wrote to memory of 4600	4548	cc8865342eb2a853de0346c7a9cafe12.exe	96

C:\Users\Admin\AppData\Local\Temp\cc8865342eb2a853de0346c7a9cafe12.exe
"C:\Users\Admin\AppData\Local\Temp\cc8865342eb2a853de0346c7a9cafe12.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Users\Admin\AppData\Local\Temp\cc8865342eb2a853de0346c7a9cafe12.exe
  C:\Users\Admin\AppData\Local\Temp\cc8865342eb2a853de0346c7a9cafe12.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1312 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
1⤵
PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cc8865342eb2a853de0346c7a9cafe12.exe

Filesize
159KB

MD5
f06c402d09f14d015bf06fe2ff3540c4

SHA1
6427a60bf1f2bde32e7445de6ca263658438ead4

SHA256
622d75f3453f9a93a4563b977905f3fee0eee2f82cbbccbe7f44635750375f71

SHA512
a80e609e52280265680ccdb10cd08ba3d9a731168f88052076702d7fa4fcc1dd47e19446cd753749e24aacfe41ea76ca8281987547d99a4dfdeed0f77b7b0c7f

Download Submit
memory/4548-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4548-1-0x00000000015B0000-0x0000000001616000-memory.dmp

Filesize
408KB

Download
memory/4548-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4548-11-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4600-13-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4600-14-0x0000000001470000-0x00000000014D6000-memory.dmp

Filesize
408KB

Download
memory/4600-20-0x0000000004EF0000-0x0000000004F4F000-memory.dmp

Filesize
380KB

Download
memory/4600-21-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4600-31-0x000000000B600000-0x000000000B63C000-memory.dmp

Filesize
240KB

Download
memory/4600-30-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4600-36-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download