Analysis
-
max time kernel
148s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
26/03/2024, 14:34
Static task
static1
Behavioral task
behavioral1
Sample
df664f94e47dae1e4b0b209241389879.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
df664f94e47dae1e4b0b209241389879.exe
Resource
win10v2004-20240226-en
General
-
Target
df664f94e47dae1e4b0b209241389879.exe
-
Size
82KB
-
MD5
df664f94e47dae1e4b0b209241389879
-
SHA1
773b1a2b82ecec28f1b8d8edcc97ece14db006d6
-
SHA256
7df209cff6511556b14e8ef957b513b82ba6ad4e0a35e15da1be0186ed447518
-
SHA512
22ab79eba6ff159f1352ce86d9fa3bf3e2999555a02d5913a090a01a962663633636a331fab812721fd281ca668d02b4984e34ea4ae97607048d9045119890e6
-
SSDEEP
1536:WWOCglG3vjk0zWKo7xO4r82pL4eBZ7V1AhZ:9OvG3vQ0Ho7xO41pL4eEhZ
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2852 df664f94e47dae1e4b0b209241389879.exe -
Executes dropped EXE 1 IoCs
pid Process 2852 df664f94e47dae1e4b0b209241389879.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 4808 df664f94e47dae1e4b0b209241389879.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process 4808 df664f94e47dae1e4b0b209241389879.exe 2852 df664f94e47dae1e4b0b209241389879.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 4808 wrote to memory of 2852 4808 df664f94e47dae1e4b0b209241389879.exe 90
PID 4808 wrote to memory of 2852 4808 df664f94e47dae1e4b0b209241389879.exe 90
PID 4808 wrote to memory of 2852 4808 df664f94e47dae1e4b0b209241389879.exe 90
Processes
-
C:\Users\Admin\AppData\Local\Temp\df664f94e47dae1e4b0b209241389879.exe "C:\Users\Admin\AppData\Local\Temp\df664f94e47dae1e4b0b209241389879.exe" 1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4808 -
C:\Users\Admin\AppData\Local\Temp\df664f94e47dae1e4b0b209241389879.exe C:\Users\Admin\AppData\Local\Temp\df664f94e47dae1e4b0b209241389879.exe 2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2852
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
82KB
MD5
80c686ec83cddd74a29126bd4fa06365
SHA1
32006fef3c180d54da7c452b43c9be1404f5db95
SHA256
c7ece9a66acb40e58732ce114382b271d717c355043f323b57c6602f34ba9a11
SHA512
5ce52b76f2937e955f549a72c64855ee2e7216aa9468245b9b5322b6fc3d892054f90e5b4966540ff4bd0b5de9001120a6d6aa1f11ec58bb6e094bc2dc11f8a9