Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-07-2024 02:34

General

  • Target

    c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe

  • Size

    209KB

  • MD5

    28d73b59f8c816a3e67e828469adf59c

  • SHA1

    147e273e060aab735fbc8d267341aea169439b62

  • SHA256

    c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a

  • SHA512

    529c8d5cfb831d33926ef0d40b25f612f920b69c33f2ef70b5e2156b10c0bc428659bf8897d59ccb23b1c9859cbdbbb2c43d6934bcb7c5161ba5e13516101227

  • SSDEEP

    6144:bNRdg5GUQFG6COJ6v4waXcrKQUjbcRO3/tfXp:5R+5CG6COJQ4PEagRGtfp

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe
    "C:\Users\Admin\AppData\Local\Temp\c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Users\Admin\AppData\Local\Temp\c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe
      C:\Users\Admin\AppData\Local\Temp\c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1248

Network

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\AppData\Local\Temp\c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe

    Filesize

    209KB

    MD5

    5c60033227d3424173093688fa5ff6de

    SHA1

    d5fa5d62078213d54ddb38d05c5595a9c7eda038

    SHA256

    4455bae0c554aa763b8610ddfc208decf8be6b6e61044aa6ac2372c60665c6d1

    SHA512

    783ae7cefd07cbffb12a434a474d00b49ef1482258f00e1273adb473c2e028a67cfafd51a31c71645360ae433f4e532bd5ba040420266151dd499b1e60a7bafb

  • memory/1248-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/1248-11-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

  • memory/1248-17-0x0000000000150000-0x0000000000190000-memory.dmp

    Filesize

    256KB

  • memory/1732-0-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

  • memory/1732-6-0x00000000000C0000-0x0000000000100000-memory.dmp

    Filesize

    256KB

  • memory/1732-10-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB