e25bd552bee64be42bb47e3c5e9185cc2ed6f9864a2d1b8b81741f460ae2e27c

Analysis

max time kernel
151s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 10:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb2b741dff079360a24529cb60af0266.exe
Size

385KB
MD5

cb2b741dff079360a24529cb60af0266
SHA1

6aa30ab806f3fc6a100e4a4532e5a9c0d40e5b52
SHA256

e25bd552bee64be42bb47e3c5e9185cc2ed6f9864a2d1b8b81741f460ae2e27c
SHA512

46a2a3b5be453d6fa361945d9cfd8bf45a85ce04fddcbec426f4ec359570668a0fcb96babf81001e7e04f1e7dbf9e8dc27cdad5a7cdfeb2942147640883555b0
SSDEEP

6144:Zp8y7aAlXQnIy5kFp4JeV9bT9eHnc6irLTwaEvzRY1/7cv19dCYQ2c7mLYm1A91Z:Z+pY4Jpir4xW1/Yd2YLSS9ongoB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
796	cb2b741dff079360a24529cb60af0266.exe

Executes dropped EXE 1 IoCs

pid	Process
796	cb2b741dff079360a24529cb60af0266.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
25	pastebin.com
27	pastebin.com

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3496	cb2b741dff079360a24529cb60af0266.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3496	cb2b741dff079360a24529cb60af0266.exe
796	cb2b741dff079360a24529cb60af0266.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3496 wrote to memory of 796	3496	cb2b741dff079360a24529cb60af0266.exe	97
PID 3496 wrote to memory of 796	3496	cb2b741dff079360a24529cb60af0266.exe	97
PID 3496 wrote to memory of 796	3496	cb2b741dff079360a24529cb60af0266.exe	97

C:\Users\Admin\AppData\Local\Temp\cb2b741dff079360a24529cb60af0266.exe
"C:\Users\Admin\AppData\Local\Temp\cb2b741dff079360a24529cb60af0266.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3496
- C:\Users\Admin\AppData\Local\Temp\cb2b741dff079360a24529cb60af0266.exe
  C:\Users\Admin\AppData\Local\Temp\cb2b741dff079360a24529cb60af0266.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3704 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
1⤵
PID:3872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cb2b741dff079360a24529cb60af0266.exe

Filesize
385KB

MD5
ce4aca7c8e663096159b781a06c63875

SHA1
45df448d6169d75c1c39c223d45d334c0d06e7e9

SHA256
8dc710d267a3486ae8e8b59dca947ae2071c001ace4e32dde5017e91c44482d3

SHA512
33fafccd36938e48f843124d125d0293d2cee739f0af50c363e1381141cd72e81a89202419d8e937157bc7b54341ee3b44ab0f44ac25777c7700cbd0d999dec3

Download Submit
memory/796-13-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/796-15-0x00000000015D0000-0x0000000001636000-memory.dmp

Filesize
408KB

Download
memory/796-20-0x0000000004EB0000-0x0000000004F0F000-memory.dmp

Filesize
380KB

Download
memory/796-21-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/796-31-0x000000000B600000-0x000000000B63C000-memory.dmp

Filesize
240KB

Download
memory/796-30-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/796-36-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3496-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3496-1-0x00000000015E0000-0x0000000001646000-memory.dmp

Filesize
408KB

Download
memory/3496-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/3496-11-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download