Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 03-07-2024 02:34
Static task: static1
Behavioral task: behavioral1
  Sample: c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe
  Resource: win10v2004-20240611-en
General
Target: c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe
Size: 209KB
MD5: 28d73b59f8c816a3e67e828469adf59c
SHA1: 147e273e060aab735fbc8d267341aea169439b62
SHA256: c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a
SHA512: 529c8d5cfb831d33926ef0d40b25f612f920b69c33f2ef70b5e2156b10c0bc428659bf8897d59ccb23b1c9859cbdbbb2c43d6934bcb7c5161ba5e13516101227
SSDEEP: 6144:bNRdg5GUQFG6COJ6v4waXcrKQUjbcRO3/tfXp:5R+5CG6COJQ4PEagRGtfp
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid: 1248  Process: c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe
Executes dropped EXE (1 IoCs)
  pid: 1248  Process: c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe
Loads dropped DLL (1 IoCs)
  pid: 1732  Process: c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe
Suspicious behavior: RenamesItself (1 IoCs)
  pid: 1732  Process: c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe
Suspicious use of UnmapMainImage (1 IoCs)
  pid: 1248  Process: c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                          pid   Process                                                                   procid_target
  PID 1732 wrote to memory of 1248     1732  c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe  29
  PID 1732 wrote to memory of 1248     1732  c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe  29
  PID 1732 wrote to memory of 1248     1732  c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe  29
  PID 1732 wrote to memory of 1248     1732  c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe  29
Processes
1. PID 1732
   Path: C:\Users\Admin\AppData\Local\Temp\c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe"
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of WriteProcessMemory
   2. PID 1248 (child of PID 1732)
      Path: C:\Users\Admin\AppData\Local\Temp\c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
\Users\Admin\AppData\Local\Temp\c1f550f5fe7b39a5cf3892cd8538912e4c4819c0ec5a4474f9368cd8685ae59a.exe
  Filesize: 209KB
  MD5: 5c60033227d3424173093688fa5ff6de
  SHA1: d5fa5d62078213d54ddb38d05c5595a9c7eda038
  SHA256: 4455bae0c554aa763b8610ddfc208decf8be6b6e61044aa6ac2372c60665c6d1
  SHA512: 783ae7cefd07cbffb12a434a474d00b49ef1482258f00e1273adb473c2e028a67cfafd51a31c71645360ae433f4e532bd5ba040420266151dd499b1e60a7bafb