3a28bc4aec1ba0c0bab780725c75ccf9d501cab409582dcd11497410606382b8

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 11:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5f714acefb6b2382c97a4d4d914fe41.exe
Size

1.6MB
MD5

d5f714acefb6b2382c97a4d4d914fe41
SHA1

a815b10ae1fbe59717f9514c2c2bb69760b79706
SHA256

3a28bc4aec1ba0c0bab780725c75ccf9d501cab409582dcd11497410606382b8
SHA512

e8d07e2e024beef73a399fd96f1ff56caf8215f1d59fd1baf1fc55caba21db00532ce8d857b1cd56234bfd89fd140b2064dd01aff1f004efc0bae48eff31d37c
SSDEEP

49152:vlwUA8W2QelraEt2rxpn4MpAxfFKKbo3VEb0HKrQ26tMc:tA83lZrtW14bAtVY0HKrQ2O

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1692	d5f714acefb6b2382c97a4d4d914fe41.exe

Executes dropped EXE 1 IoCs

pid	Process
1692	d5f714acefb6b2382c97a4d4d914fe41.exe

Loads dropped DLL 1 IoCs

pid	Process
1072	d5f714acefb6b2382c97a4d4d914fe41.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1072	d5f714acefb6b2382c97a4d4d914fe41.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1072	d5f714acefb6b2382c97a4d4d914fe41.exe
1692	d5f714acefb6b2382c97a4d4d914fe41.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 1692	1072	d5f714acefb6b2382c97a4d4d914fe41.exe	28
PID 1072 wrote to memory of 1692	1072	d5f714acefb6b2382c97a4d4d914fe41.exe	28
PID 1072 wrote to memory of 1692	1072	d5f714acefb6b2382c97a4d4d914fe41.exe	28
PID 1072 wrote to memory of 1692	1072	d5f714acefb6b2382c97a4d4d914fe41.exe	28

C:\Users\Admin\AppData\Local\Temp\d5f714acefb6b2382c97a4d4d914fe41.exe
"C:\Users\Admin\AppData\Local\Temp\d5f714acefb6b2382c97a4d4d914fe41.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Users\Admin\AppData\Local\Temp\d5f714acefb6b2382c97a4d4d914fe41.exe
  C:\Users\Admin\AppData\Local\Temp\d5f714acefb6b2382c97a4d4d914fe41.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d5f714acefb6b2382c97a4d4d914fe41.exe

Filesize
1.5MB

MD5
b324e024bf6e623d7dca9efe0c9398cc

SHA1
70a6df6673a32c62a6295cd6b5204cbfbe50d1d5

SHA256
72818f52f228df152c371b35d681535e9f13170710bb111e5a5d1d30ce103788

SHA512
d8b8563c67d82bccbb3cc45ecd3069b5fd305b2cb64658e3ea8a1ad882452ee8706b5c44c1b4d5ae26c32643c586b7f25ac15fc214595eaa30f61bbe9892697c

Download Submit
\Users\Admin\AppData\Local\Temp\d5f714acefb6b2382c97a4d4d914fe41.exe

Filesize
1.2MB

MD5
5b8f32371ac5ff94dea4766f2eadf203

SHA1
dec41c9ee84772605a1d7c20b0cc3eacad09b026

SHA256
7e72c2efd34b05faba252c35dc0abf16a12ed8adb19dfc90d8fa2fc4dcf62012

SHA512
5ccda5749f3c90a5114bf53fa5747c89b4dee087f86a8ce1ea44f13c45e12642b9858cfe88a81a694ce822e26e219af63ef0e90b2b1905b68a411d3160e03e06

Download Submit
memory/1072-0-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/1072-1-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/1072-2-0x0000000001AD0000-0x0000000001F47000-memory.dmp

Filesize
4.5MB

Download
memory/1072-15-0x00000000039F0000-0x0000000003E67000-memory.dmp

Filesize
4.5MB

Download
memory/1072-14-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/1692-17-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/1692-16-0x0000000000400000-0x000000000064D000-memory.dmp

Filesize
2.3MB

Download
memory/1692-22-0x0000000000400000-0x0000000000640000-memory.dmp

Filesize
2.2MB

Download
memory/1692-24-0x0000000003830000-0x0000000003A7D000-memory.dmp

Filesize
2.3MB

Download