53325abd114bef7753a29975a7f9aa558762477abd6365dd91db25e21013b643

Analysis

max time kernel
139s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 10:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d5ee12b8a61b603f8a8d1ca4066c0ee3.exe
Size

385KB
MD5

d5ee12b8a61b603f8a8d1ca4066c0ee3
SHA1

7fb161a1a2268995b783d872a0058b14f42bb980
SHA256

53325abd114bef7753a29975a7f9aa558762477abd6365dd91db25e21013b643
SHA512

9ff598dc22910d0367d4d18be25a312fbe37a62c3e557d87f6b1cdd932c8ecb255188d7da56a057ab54c0683c722468cfcb7fcadb25b17d7d036830801a40322
SSDEEP

6144:J9iiZVhRs5+Znh3X0+4jHwCHaVN5Cy/OU3DL1oQ3iMouXSW1vpaGqYr1s8B:JEi88wHwCHal//1NoESawGqYr1/B

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2580	d5ee12b8a61b603f8a8d1ca4066c0ee3.exe

Executes dropped EXE 1 IoCs

pid	Process
2580	d5ee12b8a61b603f8a8d1ca4066c0ee3.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
17	pastebin.com
18	pastebin.com

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
936	d5ee12b8a61b603f8a8d1ca4066c0ee3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
936	d5ee12b8a61b603f8a8d1ca4066c0ee3.exe
2580	d5ee12b8a61b603f8a8d1ca4066c0ee3.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 936 wrote to memory of 2580	936	d5ee12b8a61b603f8a8d1ca4066c0ee3.exe	98
PID 936 wrote to memory of 2580	936	d5ee12b8a61b603f8a8d1ca4066c0ee3.exe	98
PID 936 wrote to memory of 2580	936	d5ee12b8a61b603f8a8d1ca4066c0ee3.exe	98

C:\Users\Admin\AppData\Local\Temp\d5ee12b8a61b603f8a8d1ca4066c0ee3.exe
"C:\Users\Admin\AppData\Local\Temp\d5ee12b8a61b603f8a8d1ca4066c0ee3.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:936
- C:\Users\Admin\AppData\Local\Temp\d5ee12b8a61b603f8a8d1ca4066c0ee3.exe
  C:\Users\Admin\AppData\Local\Temp\d5ee12b8a61b603f8a8d1ca4066c0ee3.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2824 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
1⤵
PID:3984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d5ee12b8a61b603f8a8d1ca4066c0ee3.exe

Filesize
385KB

MD5
97b5ab4b6a944288f1bc6bda25e6c634

SHA1
bfe42734827bccf3fd2e40782e8332e84ad4c58b

SHA256
d2ca1a11a1ecc1cb6f7c4be07e2c335be1d907be69dbc1713d3f76b789fb7666

SHA512
88c2d10db89cd72ea764e9209386128f8fff3b706af8664b95550907aba5e3af6f01b5aa2707ce5d5065e17e29eb0cff57584aba7a7ce67600fe03245456c31b

Download Submit
memory/936-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/936-1-0x0000000000170000-0x00000000001D6000-memory.dmp

Filesize
408KB

Download
memory/936-2-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/936-11-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2580-13-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2580-15-0x0000000001470000-0x00000000014D6000-memory.dmp

Filesize
408KB

Download
memory/2580-20-0x0000000001630000-0x000000000168F000-memory.dmp

Filesize
380KB

Download
memory/2580-21-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2580-32-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2580-34-0x000000000C620000-0x000000000C65C000-memory.dmp

Filesize
240KB

Download
memory/2580-38-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download