Analysis
max time kernel: 142s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-03-2024 03:49
Static task: static1
Behavioral task: behavioral1
  Sample: e0b27a60f7acb8ffc6386ebc3f80b982.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: e0b27a60f7acb8ffc6386ebc3f80b982.exe
  Resource: win10v2004-20240226-en
General
Target: e0b27a60f7acb8ffc6386ebc3f80b982.exe
Size: 105KB
MD5: e0b27a60f7acb8ffc6386ebc3f80b982
SHA1: dbaeeb92fe4529868a6da88821879ddee968523b
SHA256: 48a839910c4ee1902307de543d27bcf6283b7806b0701e6862f1f4088ba499df
SHA512: 1739a94af4c2d56c2be9134d716b89141febf9af46d43a0a943119734ab53c74f0ba43772d69400875cb944edddac8190eaeb5cdc34bbc401c9833c592479d34
SSDEEP: 1536:M1IYtinNJq8Of4rDn50dGEnVJdEMmw6lIqY1/SXbXYW2Q7HOPL0iTt6DtW9YH:gHtMNJq8xVqGEnmMslIqSq8Q7uT2pW9i
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid    Process
  3496   e0b27a60f7acb8ffc6386ebc3f80b982.exe

- Executes dropped EXE (1 IoCs)
  pid    Process
  3496   e0b27a60f7acb8ffc6386ebc3f80b982.exe

- Suspicious behavior: RenamesItself (1 IoCs)
  pid    Process
  4780   e0b27a60f7acb8ffc6386ebc3f80b982.exe

- Suspicious use of UnmapMainImage (2 IoCs)
  pid    Process
  4780   e0b27a60f7acb8ffc6386ebc3f80b982.exe
  3496   e0b27a60f7acb8ffc6386ebc3f80b982.exe

- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid    Process                                procid_target
  PID 4780 wrote to memory of 3496  4780   e0b27a60f7acb8ffc6386ebc3f80b982.exe   97
  PID 4780 wrote to memory of 3496  4780   e0b27a60f7acb8ffc6386ebc3f80b982.exe   97
  PID 4780 wrote to memory of 3496  4780   e0b27a60f7acb8ffc6386ebc3f80b982.exe   97
Processes
- C:\Users\Admin\AppData\Local\Temp\e0b27a60f7acb8ffc6386ebc3f80b982.exe (PID 4780)
  Command line: "C:\Users\Admin\AppData\Local\Temp\e0b27a60f7acb8ffc6386ebc3f80b982.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\e0b27a60f7acb8ffc6386ebc3f80b982.exe (PID 3496)
    Command line: C:\Users\Admin\AppData\Local\Temp\e0b27a60f7acb8ffc6386ebc3f80b982.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4892)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4612 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 105KB
  MD5: 264869ab995da17856bd58bca48c9294
  SHA1: 4e105afa3ffe8090031f64d152540cd1c418680d
  SHA256: c9123024c50bbb1428b601d6f71b3511e50fbd89d1ca831f08ba9b853a1e919b
  SHA512: 086d5c4fdb139db6824005c94732c6048cb42c422a51af9071d7b9c011979e9c0402645cff769f4d308d8992c0598da06c78a08f82509acc3f6e4fcc876e481d