Analysis
max time kernel: 156s
max time network: 161s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/03/2024, 09:38
Static task: static1
Behavioral task: behavioral1
Sample: e15b5eee5ef61094f531f4ab0ea52bd7.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: e15b5eee5ef61094f531f4ab0ea52bd7.exe
Resource: win10v2004-20240226-en
General
Target: e15b5eee5ef61094f531f4ab0ea52bd7.exe
Size: 82KB
MD5: e15b5eee5ef61094f531f4ab0ea52bd7
SHA1: 3f2e4b31b257e684ea3676a3b01c6d29802625da
SHA256: 50e4da711865f8a579dd5c6eefb2a46c8842d94014a3c18c4ba22b50a48a0970
SHA512: 26dff0004cf1f3b8653a242be731da57681383f6bfda733f0f6107ed0d00af892b6404187be3231bf3a98852a9d98a28de291f07dd4129d128c9979347111155
SSDEEP: 1536:dDT4Cn4+2z8LMRVU9hFv8HTaZ14oqPYt7JGiIaPHS2BH45bT0tm5M9:dDTcBVRVUlv8cTt72avQVTnW9
Malware Config
Signatures
Deletes itself: 1 IoCs
pid: 744, Process: e15b5eee5ef61094f531f4ab0ea52bd7.exe
Executes dropped EXE: 1 IoCs
pid: 744, Process: e15b5eee5ef61094f531f4ab0ea52bd7.exe
Suspicious behavior: RenamesItself: 1 IoCs
pid: 2964, Process: e15b5eee5ef61094f531f4ab0ea52bd7.exe
Suspicious use of UnmapMainImage: 2 IoCs
pid: 2964, Process: e15b5eee5ef61094f531f4ab0ea52bd7.exe
pid: 744, Process: e15b5eee5ef61094f531f4ab0ea52bd7.exe
Suspicious use of WriteProcessMemory: 3 IoCs
description: PID 2964 wrote to memory of 744, pid: 2964, Process: e15b5eee5ef61094f531f4ab0ea52bd7.exe, procid_target: 88
description: PID 2964 wrote to memory of 744, pid: 2964, Process: e15b5eee5ef61094f531f4ab0ea52bd7.exe, procid_target: 88
description: PID 2964 wrote to memory of 744, pid: 2964, Process: e15b5eee5ef61094f531f4ab0ea52bd7.exe, procid_target: 88
Processes
C:\Users\Admin\AppData\Local\Temp\e15b5eee5ef61094f531f4ab0ea52bd7.exe
command line: "C:\Users\Admin\AppData\Local\Temp\e15b5eee5ef61094f531f4ab0ea52bd7.exe"
depth: 1
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID: 2964
C:\Users\Admin\AppData\Local\Temp\e15b5eee5ef61094f531f4ab0ea52bd7.exe
command line: C:\Users\Admin\AppData\Local\Temp\e15b5eee5ef61094f531f4ab0ea52bd7.exe
depth: 2
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID: 744
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 82KB
MD5: 3e7e4d4d714c2f9b1150091541e88932
SHA1: 5f84e0fb94a22c808e7d0f258bdaf6a95c5ca838
SHA256: 4c3799de1d93aac746b543bca7030c1441df02dae83e41aff2407a97d6a6e19f
SHA512: 8435ef539ff996314bc753f6ffc3ff9428b9cea140cec3446de1c1f7a4f07f142cd34cae5862c888c88c3983599e0d0fa4235d0b08374d4bb5c8fca9ab6ee48f