Analysis
-
max time kernel
119s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
26/03/2024, 08:40
Behavioral task
behavioral1
Sample
debe4ceb4a7130aa9167feb43bbccf64.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
debe4ceb4a7130aa9167feb43bbccf64.exe
Resource
win10v2004-20231215-en
General
-
Target
debe4ceb4a7130aa9167feb43bbccf64.exe
-
Size
1.5MB
-
MD5
debe4ceb4a7130aa9167feb43bbccf64
-
SHA1
60747ac999d5da3096d3216e72727922acf22231
-
SHA256
6aefff1c302345da2d7f5f3968362c6c81d9d0b5488f96b884fbf91819b13359
-
SHA512
69f869519f5d3da10800b6a35e7d03ef9f3505760a20e0a57a71964e8f27d0a88ca1f3b254274ad13563eee6db83e8b847b98e606d5536b8d3094ec129ec172d
-
SSDEEP
24576:ZuOD2kj5kczo5nW8QynR1QVr1wiYE6TOfQS1WNncIDpzW:VjC9dyyTBiYE6Te1ic2
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2632 debe4ceb4a7130aa9167feb43bbccf64.exe -
Executes dropped EXE 1 IoCs
pid Process 2632 debe4ceb4a7130aa9167feb43bbccf64.exe -
Loads dropped DLL 1 IoCs
pid Process 2184 debe4ceb4a7130aa9167feb43bbccf64.exe -
resource yara_rule behavioral1/memory/2184-0-0x0000000000400000-0x00000000008EF000-memory.dmp upx behavioral1/files/0x000e00000001225e-10.dat upx behavioral1/memory/2184-12-0x0000000003520000-0x0000000003A0F000-memory.dmp upx behavioral1/files/0x000e00000001225e-15.dat upx behavioral1/memory/2632-16-0x0000000000400000-0x00000000008EF000-memory.dmp upx -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2184 debe4ceb4a7130aa9167feb43bbccf64.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 2184 debe4ceb4a7130aa9167feb43bbccf64.exe 2632 debe4ceb4a7130aa9167feb43bbccf64.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2184 wrote to memory of 2632 2184 debe4ceb4a7130aa9167feb43bbccf64.exe 28 PID 2184 wrote to memory of 2632 2184 debe4ceb4a7130aa9167feb43bbccf64.exe 28 PID 2184 wrote to memory of 2632 2184 debe4ceb4a7130aa9167feb43bbccf64.exe 28 PID 2184 wrote to memory of 2632 2184 debe4ceb4a7130aa9167feb43bbccf64.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\debe4ceb4a7130aa9167feb43bbccf64.exe"C:\Users\Admin\AppData\Local\Temp\debe4ceb4a7130aa9167feb43bbccf64.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2184 -
C:\Users\Admin\AppData\Local\Temp\debe4ceb4a7130aa9167feb43bbccf64.exeC:\Users\Admin\AppData\Local\Temp\debe4ceb4a7130aa9167feb43bbccf64.exe2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2632
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.5MB
MD521761165bfbf24dbe3e5f3e7a118cd9d
SHA166c27f5a88dc92320841ee24e0bd5104d276922b
SHA256fc17e37470f7e46d87d89696b0107781be25893aed7f74dd923df31542a65d37
SHA5123d87649a15c41674aa5875721453129441bc7d3782ba513ba9539c8a84193dc8315eb3f8c66303b36bc351810aeddee4f92143228d46fbb6f8e40503f655d808
-
Filesize
1.3MB
MD5ad2c4078b49f93eedf09d2b5685f6768
SHA1db79b956af636b4988eea18048b7cd15afb01dc6
SHA2568d8496fdb75f98fb7a3bf88a16f2cc13f1db6a4cd621488b06a6978c687be3b6
SHA512bd22c6b9d8e6f6cbfc837067b0000f33b60fe773a550c8c45d3cebf40a90d11d9c417ff430219ad8595ede25e3ed2995164b3b651e190eb1c5eb35249129d8f3