8a39762c6ab09162c4922c489573ca7317a6c7673fecf082ef91bc77b1574643

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 02:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cce17fc715e827e34df7acdde700f0bb.exe
Size

1.5MB
MD5

cce17fc715e827e34df7acdde700f0bb
SHA1

f14b553b7e9dec5816e225f4fb18a589c693581c
SHA256

8a39762c6ab09162c4922c489573ca7317a6c7673fecf082ef91bc77b1574643
SHA512

c969474250103a686ad430fe6a2907cef07f385224b3bcdffd6dbc8ffd1410e206bedf757875394eec00e048ba76487d69644f4aef00a8a76019e8e123d72eab
SSDEEP

24576:LHAIvPp6Wdrb10hJaothZ2/T6FBBjNPI5lqkfZSkHR82b10hJaothZ2/T6FBBT:JvP4Wh/ofqg4/ofp

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
4160	cce17fc715e827e34df7acdde700f0bb.exe

Executes dropped EXE 1 IoCs

pid	Process
4160	cce17fc715e827e34df7acdde700f0bb.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	pastebin.com
8	pastebin.com

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2364	cce17fc715e827e34df7acdde700f0bb.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2364	cce17fc715e827e34df7acdde700f0bb.exe
4160	cce17fc715e827e34df7acdde700f0bb.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 4160	2364	cce17fc715e827e34df7acdde700f0bb.exe	88
PID 2364 wrote to memory of 4160	2364	cce17fc715e827e34df7acdde700f0bb.exe	88
PID 2364 wrote to memory of 4160	2364	cce17fc715e827e34df7acdde700f0bb.exe	88

C:\Users\Admin\AppData\Local\Temp\cce17fc715e827e34df7acdde700f0bb.exe
"C:\Users\Admin\AppData\Local\Temp\cce17fc715e827e34df7acdde700f0bb.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Users\Admin\AppData\Local\Temp\cce17fc715e827e34df7acdde700f0bb.exe
  C:\Users\Admin\AppData\Local\Temp\cce17fc715e827e34df7acdde700f0bb.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cce17fc715e827e34df7acdde700f0bb.exe

Filesize
1.5MB

MD5
51e4fa755995f4e39cc304ff3ec52894

SHA1
874a9cb1532befa25cc09eb04661aeb238acb902

SHA256
1ab74a4acda2ffef38163a23817ff11fa1c2d76e45e8b9efb21e6935034422d8

SHA512
e04e01b6bbc65979918bb29b2586106b08388737b6503b3528e73ed7b5cce1fabbe46e48e64feaa83a5b56ed35c61175184f9683af9ad367035eaa912034080e

Download Submit
memory/2364-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2364-1-0x00000000014D0000-0x0000000001536000-memory.dmp

Filesize
408KB

Download
memory/2364-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2364-11-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4160-13-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4160-14-0x00000000015A0000-0x0000000001606000-memory.dmp

Filesize
408KB

Download
memory/4160-20-0x0000000004EE0000-0x0000000004F3F000-memory.dmp

Filesize
380KB

Download
memory/4160-21-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4160-32-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4160-37-0x000000000D660000-0x000000000D69C000-memory.dmp

Filesize
240KB

Download
memory/4160-38-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download