fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5

Analysis

max time kernel
91s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 08:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.exe
Size

714KB
MD5

c9470058cca0e1cb82d4c0a07fecd0db
SHA1

a66d76d86448965e57d7be96a57529c497e4b99d
SHA256

fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5
SHA512

ec8cc6b45e2703ee8c227a0fe7d3e1efb999ae0de583cc98e7ef7aa932f686fc06bea21081be19a2cc11e784ab7161129ecd7288bae971b4fce7fba44296388a
SSDEEP

12288:eo01IzLB/XV/tboClV+tFHxMfR+G1x2VK8PTkKE2qtFL/MLsJT5X:eLMb/xoClV+tFRMfRuk528L/M8T5X

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

Processes:

.fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.dslqgklantimngfxhilylgjwhjytgqpc.__selfdelete__.exe

pid process

3852 .fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.dslqgklantimngfxhilylgjwhjytgqpc.__selfdelete__.exe
Executes dropped EXE 1 IoCs

Processes:

.fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.dslqgklantimngfxhilylgjwhjytgqpc.__selfdelete__.exe

pid process

3852 .fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.dslqgklantimngfxhilylgjwhjytgqpc.__selfdelete__.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.exe

pid process

2816 fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.exe

pid	process
3852	.fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.dslqgklantimngfxhilylgjwhjytgqpc.__selfdelete__.exe

pid	process
3852	.fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.dslqgklantimngfxhilylgjwhjytgqpc.__selfdelete__.exe

pid	process
2816	fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.exe.fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.dslqgklantimngfxhilylgjwhjytgqpc.__selfdelete__.exe

description	pid	process	target process
PID 2816 wrote to memory of 3852	2816	fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.exe	.fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.dslqgklantimngfxhilylgjwhjytgqpc.__selfdelete__.exe
PID 2816 wrote to memory of 3852	2816	fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.exe	.fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.dslqgklantimngfxhilylgjwhjytgqpc.__selfdelete__.exe
PID 3852 wrote to memory of 4648	3852	.fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.dslqgklantimngfxhilylgjwhjytgqpc.__selfdelete__.exe	cmd.exe
PID 3852 wrote to memory of 4648	3852	.fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.dslqgklantimngfxhilylgjwhjytgqpc.__selfdelete__.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.exe
"C:\Users\Admin\AppData\Local\Temp\fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2816

C:\Users\Admin\AppData\Local\Temp\.fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.dslqgklantimngfxhilylgjwhjytgqpc.__selfdelete__.exe
"C:\Users\Admin\AppData\Local\Temp\.fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.dslqgklantimngfxhilylgjwhjytgqpc.__selfdelete__.exe" 460 C:\Users\Admin\AppData\Local\Temp\.fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.iykpczmumoamecvjoykujqfdnlcyojhx.__relocated__.exe
2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3852

C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c exit
3⤵
PID:4648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\.fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5.dslqgklantimngfxhilylgjwhjytgqpc.__selfdelete__.exe
Filesize
714KB

MD5
c9470058cca0e1cb82d4c0a07fecd0db

SHA1
a66d76d86448965e57d7be96a57529c497e4b99d

SHA256
fe2982abd3fbb02808da5892a6a262bccdd0b8650c79fb2d6e2f1fd401297da5

SHA512
ec8cc6b45e2703ee8c227a0fe7d3e1efb999ae0de583cc98e7ef7aa932f686fc06bea21081be19a2cc11e784ab7161129ecd7288bae971b4fce7fba44296388a

Download Submit