Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 15/06/2024, 01:55
Static task: static1
Behavioral task: behavioral1
Sample: 89925295e5c23768d82da3de65d651e0.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 89925295e5c23768d82da3de65d651e0.exe
Resource: win10v2004-20240508-en
General
Target: 89925295e5c23768d82da3de65d651e0.exe
Size: 4.8MB
MD5: 89925295e5c23768d82da3de65d651e0
SHA1: 3d302d5a23193d4a595fc3fbbc5e98d777cc8e45
SHA256: e21fcb47f2a9b3503c4bce760294c593d42332ee31b7e6e8d8c5311aa709ba19
SHA512: 20931511ee0f06c01cca826677c0b27e42841b83151a40ffc6b635c0d6030f3fa8b9993cd42befc4dde8b23920778d6490be8e6a403f2a0288a05c4042d2917d
SSDEEP: 98304:emhd1UryeZohI8+UjVGKPHCxZV7wQqZUha5jtSyR:elmhI8+UBl/MZ2QbaZtlR
Malware Config
Signatures
Deletes itself 1 IoCs
pid | Process
2840 | 27CC.tmp
Executes dropped EXE 1 IoCs
pid | Process
2840 | 27CC.tmp
Loads dropped DLL 2 IoCs
pid | Process
2764 | 89925295e5c23768d82da3de65d651e0.exe
2764 | 89925295e5c23768d82da3de65d651e0.exe
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2764 wrote to memory of 2840 | 2764 | 89925295e5c23768d82da3de65d651e0.exe | 28
PID 2764 wrote to memory of 2840 | 2764 | 89925295e5c23768d82da3de65d651e0.exe | 28
PID 2764 wrote to memory of 2840 | 2764 | 89925295e5c23768d82da3de65d651e0.exe | 28
PID 2764 wrote to memory of 2840 | 2764 | 89925295e5c23768d82da3de65d651e0.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\89925295e5c23768d82da3de65d651e0.exe
"C:\Users\Admin\AppData\Local\Temp\89925295e5c23768d82da3de65d651e0.exe"
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID: 2764
  C:\Users\Admin\AppData\Local\Temp\27CC.tmp
  "C:\Users\Admin\AppData\Local\Temp\27CC.tmp" --splashC:\Users\Admin\AppData\Local\Temp\89925295e5c23768d82da3de65d651e0.exe C09CFC65029AC246587D99BB2009D2CF20706AB6CEDEB89C4B012EA9B01B4A27D8BB01B8F911F1D6E13323D37D151B064229D2F2B39B83731A32D41E4A35E325
  - Deletes itself
  - Executes dropped EXE
  PID: 2840
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 4.8MB
MD5: fe70be938eeed190a192fdb2514fd98c
SHA1: 5c1c14cc5a38dbd65119f04dc976522cb2453e08
SHA256: 9b1b0f5eca529ecc91748bca4155f3e519d53525558290a0449f833a2113fb9e
SHA512: 507881304ac4a3d25f80da96852087f49bea431a9356e650e4b4d29c7d2945e49b08cee0285199dd595044718d2c4818399e91db80426e5ff2a73f0c09991991