Analysis
max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted
15-03-2024 17:12
Static task
static1
Behavioral task
behavioral1
Sample
cbf758f6e5fadda8c916bef82fb7b113.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
cbf758f6e5fadda8c916bef82fb7b113.exe
Resource
win10v2004-20240226-en
General
Target
cbf758f6e5fadda8c916bef82fb7b113.exe
Size
82KB
MD5
cbf758f6e5fadda8c916bef82fb7b113
SHA1
c24f080519716619f184125bc70131feac9c4897
SHA256
2b4a3a435c571009c43ab1de850f0eefec3946bb8d82a4577a0c523058383a4f
SHA512
d8181f5e786bf46d1e1f3e19d4b5ca60dd2bc81f39af2eb0145b1b811be98e41adef2fd6d796635d028b6ffe145d8193ba7877989adec90cd8c52711bf8ee6ef
SSDEEP
1536:w1Q7I5CDgpVCl+xs5lIzvI2k2BAq+Uy4O00qU2kdzcrm1Elc197BWUEG4UCRvfQe:wDYgckgpt7n00qzmSlcHH4U4AOZh
Malware Config
Signatures
Deletes itself (1 IoCs)
pid    Process
2972   cbf758f6e5fadda8c916bef82fb7b113.exe
Executes dropped EXE (1 IoCs)
pid    Process
2972   cbf758f6e5fadda8c916bef82fb7b113.exe
Loads dropped DLL (1 IoCs)
pid    Process
1520   cbf758f6e5fadda8c916bef82fb7b113.exe
Suspicious behavior: RenamesItself (1 IoCs)
pid    Process
1520   cbf758f6e5fadda8c916bef82fb7b113.exe
Suspicious use of UnmapMainImage (2 IoCs)
pid    Process
1520   cbf758f6e5fadda8c916bef82fb7b113.exe
2972   cbf758f6e5fadda8c916bef82fb7b113.exe
Suspicious use of WriteProcessMemory (4 IoCs)
description                        pid    Process                                 procid_target
PID 1520 wrote to memory of 2972   1520   cbf758f6e5fadda8c916bef82fb7b113.exe   28
PID 1520 wrote to memory of 2972   1520   cbf758f6e5fadda8c916bef82fb7b113.exe   28
PID 1520 wrote to memory of 2972   1520   cbf758f6e5fadda8c916bef82fb7b113.exe   28
PID 1520 wrote to memory of 2972   1520   cbf758f6e5fadda8c916bef82fb7b113.exe   28
Processes
C:\Users\Admin\AppData\Local\Temp\cbf758f6e5fadda8c916bef82fb7b113.exe (PID 1520, depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\cbf758f6e5fadda8c916bef82fb7b113.exe"
  Loads dropped DLL
  Suspicious behavior: RenamesItself
  Suspicious use of UnmapMainImage
  Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\cbf758f6e5fadda8c916bef82fb7b113.exe (PID 2972, depth 2, child of PID 1520)
    Command line: C:\Users\Admin\AppData\Local\Temp\cbf758f6e5fadda8c916bef82fb7b113.exe
    Deletes itself
    Executes dropped EXE
    Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize
82KB
MD5
c9ad46ccfacfc6b5be449ae29c408ff2
SHA1
4d42b4cde3da1ba7c60f51d9299231f862ff83b9
SHA256
12b18c4622de05aaf0b4ad8e80a01bdea0916b6b46f9d0568d7d7e2b504223c3
SHA512
547d34cdf62ddf3d150b8b5c7e42e0e27219091a0e96ec1d004afa2e4909fc6709eea795bf647056b310fb8ff2a3677d6670667714d7b1b8a34c5d67b6159ded