Analysis
-
max time kernel
117s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system -
submitted
27/03/2024, 20:00
Behavioral task
behavioral1
Sample
e23901511e5392f63b2184949dd766da.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
e23901511e5392f63b2184949dd766da.exe
Resource
win10v2004-20231215-en
General
-
Target
e23901511e5392f63b2184949dd766da.exe
-
Size
2.7MB
-
MD5
e23901511e5392f63b2184949dd766da
-
SHA1
1bb314e5b35ce6abe8dd61ef1740be39134408b7
-
SHA256
9d9445847bc385342bc0deb446beefd926874adad420f6c3bbd8b4a733838df3
-
SHA512
c93095d6c88b88489d6dec7c0900074d1f8ad5d6d1caee1c7a14762a67a83897cf0cbd1c3608cf62d8b4a89af620fa5352c90561ed62dc90466190f782b7b8b6
-
SSDEEP
49152:tWtrAIWnLBuLggCVTTRkO+NJ4ybndZHAZtinHhQ1:UJNWnLBxbRF8lndZ0tABS
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process
2800 e23901511e5392f63b2184949dd766da.exe -
Executes dropped EXE 1 IoCs
pid Process
2800 e23901511e5392f63b2184949dd766da.exe -
Loads dropped DLL 1 IoCs
pid Process
2220 e23901511e5392f63b2184949dd766da.exe -
resource yara_rule
behavioral1/memory/2220-0-0x0000000000400000-0x000000000086A000-memory.dmp upx
behavioral1/files/0x00080000000122bf-11.dat upx
behavioral1/memory/2220-15-0x0000000003790000-0x0000000003BFA000-memory.dmp upx -
Suspicious behavior: RenamesItself 1 IoCs
pid Process
2220 e23901511e5392f63b2184949dd766da.exe -
Suspicious use of UnmapMainImage 2 IoCs
pid Process
2220 e23901511e5392f63b2184949dd766da.exe
2800 e23901511e5392f63b2184949dd766da.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2220 wrote to memory of 2800 2220 e23901511e5392f63b2184949dd766da.exe 28
PID 2220 wrote to memory of 2800 2220 e23901511e5392f63b2184949dd766da.exe 28
PID 2220 wrote to memory of 2800 2220 e23901511e5392f63b2184949dd766da.exe 28
PID 2220 wrote to memory of 2800 2220 e23901511e5392f63b2184949dd766da.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\e23901511e5392f63b2184949dd766da.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\e23901511e5392f63b2184949dd766da.exe" (tree level 1)
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2220 -
C:\Users\Admin\AppData\Local\Temp\e23901511e5392f63b2184949dd766da.exe
Command line: C:\Users\Admin\AppData\Local\Temp\e23901511e5392f63b2184949dd766da.exe (tree level 2, child of PID 2220)
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2800
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
2.7MB
-
MD5
c231fda735ed8a2c77fbce12a6a0ab82
-
SHA1
26ff7144a3093340f078b32aed3d9d338f4e2566
-
SHA256
2d8b0ed9cf620d3c8ef90c716eb0d5ca5c57871349b7dd402e6eaf62e1758faf
-
SHA512
7f832623e47c5f23da081c2448f4077cce36fa7e16df102de5ec6e49c1893e6e2e1746be5882ed668256fda73726ddb735015a804bc58b51c109e8db700f8b91