43fc96821a0a0f3e2c186bb12619c4e2dc3bbae2d20f836c423af62a78bd4372

Analysis

max time kernel
128s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 08:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

caebfe9ed95f6b425bd7f6a1bcced306.exe
Size

907KB
MD5

caebfe9ed95f6b425bd7f6a1bcced306
SHA1

cdc210270e85de174a468f46ba6662a9292c19b9
SHA256

43fc96821a0a0f3e2c186bb12619c4e2dc3bbae2d20f836c423af62a78bd4372
SHA512

40296e52e445ec91e162965e7880f6e19d7963b1a60ce18c55181eacd2e768f3aee98edc15a35bd8e0d615ad9ab886859c81e58ff0dc8baa36c220af7a023c5f
SSDEEP

12288:kJ5A4EqXEseqvZlLBsLb0KK/55JKs989bHR8251Jpkbxqtuu3Cg+Uf/xfgzwjIlC:sAxqnfX9sv0ubHy41JpklAuCZ46a/ZS1

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3736	caebfe9ed95f6b425bd7f6a1bcced306.exe

Executes dropped EXE 1 IoCs

pid	Process
3736	caebfe9ed95f6b425bd7f6a1bcced306.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
57	pastebin.com
56	pastebin.com

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3440	caebfe9ed95f6b425bd7f6a1bcced306.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3440	caebfe9ed95f6b425bd7f6a1bcced306.exe
3736	caebfe9ed95f6b425bd7f6a1bcced306.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3440 wrote to memory of 3736	3440	caebfe9ed95f6b425bd7f6a1bcced306.exe	95
PID 3440 wrote to memory of 3736	3440	caebfe9ed95f6b425bd7f6a1bcced306.exe	95
PID 3440 wrote to memory of 3736	3440	caebfe9ed95f6b425bd7f6a1bcced306.exe	95

C:\Users\Admin\AppData\Local\Temp\caebfe9ed95f6b425bd7f6a1bcced306.exe
"C:\Users\Admin\AppData\Local\Temp\caebfe9ed95f6b425bd7f6a1bcced306.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3440
- C:\Users\Admin\AppData\Local\Temp\caebfe9ed95f6b425bd7f6a1bcced306.exe
  C:\Users\Admin\AppData\Local\Temp\caebfe9ed95f6b425bd7f6a1bcced306.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\caebfe9ed95f6b425bd7f6a1bcced306.exe

Filesize
907KB

MD5
3ae9821c3b7f9bf7ccc6a1a52cb4fb57

SHA1
a95cdd5df0e117baa06ddcdaf4e0443f518b4d5f

SHA256
0da25d3272b994fd6c19e21e137f9cd72a81072596f95fe1463933c624ef55b9

SHA512
38d29e6b218867e2195c5276e3fbb3958f46c1cb28f3493c4150b41c83f12b0d7fbc7e81bc5320aa878dfeb44458565e6732942d3bbf3b917dc58ff67478b032

Download Submit
memory/3440-0-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3440-1-0x00000000015B0000-0x0000000001698000-memory.dmp

Filesize
928KB

Download
memory/3440-2-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/3440-11-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/3736-13-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3736-14-0x0000000001750000-0x0000000001838000-memory.dmp

Filesize
928KB

Download
memory/3736-21-0x0000000005090000-0x000000000514B000-memory.dmp

Filesize
748KB

Download
memory/3736-20-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/3736-30-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3736-34-0x000000000B800000-0x000000000B898000-memory.dmp

Filesize
608KB

Download