Analysis
max time kernel: 150s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/03/2024, 17:33
Static task: static1
Behavioral task: behavioral1
Sample: cc02075dc552c0b191297da25aefbc95.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: cc02075dc552c0b191297da25aefbc95.exe
Resource: win10v2004-20240226-en
General
Target: cc02075dc552c0b191297da25aefbc95.exe
Size: 82KB
MD5: cc02075dc552c0b191297da25aefbc95
SHA1: c8603e7c35b7c98972c39257717d9d4f0fb24bff
SHA256: 5cbccdb841e2424f5821323fa5ded0a7925534024ec13ec4f762f99d9d1e2fd9
SHA512: 097b906319ef8ea4af823c02fd0efe12f5f52b31f95122d2dc9d124b3ac1192b69395a87d86e7a78de29f5f42daac707bca4ccd96c7773f37b2bd8c6b621d318
SSDEEP: 1536:XHIUU8nDHUDGhIIkkQRIU/JAP1rGZzu91Oy6gdRM9BUTW:XH5DpIzWU/iP16U1Oy6M0BUi
Malware Config
Signatures
Deletes itself (1 IoCs)
pid: 4848, Process: cc02075dc552c0b191297da25aefbc95.exe
Executes dropped EXE (1 IoCs)
pid: 4848, Process: cc02075dc552c0b191297da25aefbc95.exe
Suspicious behavior: RenamesItself (1 IoCs)
pid: 1956, Process: cc02075dc552c0b191297da25aefbc95.exe
Suspicious use of UnmapMainImage (2 IoCs)
pid: 1956, Process: cc02075dc552c0b191297da25aefbc95.exe
pid: 4848, Process: cc02075dc552c0b191297da25aefbc95.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description: PID 1956 wrote to memory of 4848, pid: 1956, Process: cc02075dc552c0b191297da25aefbc95.exe, procid_target: 89
description: PID 1956 wrote to memory of 4848, pid: 1956, Process: cc02075dc552c0b191297da25aefbc95.exe, procid_target: 89
description: PID 1956 wrote to memory of 4848, pid: 1956, Process: cc02075dc552c0b191297da25aefbc95.exe, procid_target: 89
Processes
1. C:\Users\Admin\AppData\Local\Temp\cc02075dc552c0b191297da25aefbc95.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\cc02075dc552c0b191297da25aefbc95.exe"
   PID: 1956
   - Suspicious behavior: RenamesItself
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
2. C:\Users\Admin\AppData\Local\Temp\cc02075dc552c0b191297da25aefbc95.exe
   Command line: C:\Users\Admin\AppData\Local\Temp\cc02075dc552c0b191297da25aefbc95.exe
   PID: 4848
   - Deletes itself
   - Executes dropped EXE
   - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 82KB
MD5: cef7795c3e9fbb404dd1d563a0e9df72
SHA1: 355f65c89219c66550b9c62840548056441e991c
SHA256: b2668d95da29c528528c93416a14f01e432c908d7c35bae8c39dee263be908d3
SHA512: 583d776b0e9b4945a516f21629a2b00ac2b8e36064841652cdc6787a83911f014d22285e4b8031f7df87eab98650610801595c94733b8ceaad75744f8280ee35