Analysis
max time kernel: 121s
max time network: 126s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 12/07/2024, 11:05
Static task: static1
Behavioral task: behavioral1
  Sample: 4f298c60ee97d98a04e1b9bbb0a33b60N.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 4f298c60ee97d98a04e1b9bbb0a33b60N.exe
  Resource: win10v2004-20240709-en
General
Target: 4f298c60ee97d98a04e1b9bbb0a33b60N.exe
Size: 197KB
MD5: 4f298c60ee97d98a04e1b9bbb0a33b60
SHA1: bcf307a8e48a8fdbf0b1550ba5b46b3afc3b6a9f
SHA256: 415ab84305ed8f55a7ea15fc1d18277268791a6c48ce2942c19d2f6a4bf77399
SHA512: 466b994e8e8acb41a5ed29bb9f8e446d69785b278f5bf4ec4847a7c5680dfe1f88b5b7d7cb97ff1a3feafbc255e725da69ffc1cedf285b07aba26e58a891896e
SSDEEP: 6144:AY9BWBYSFIM+5a8xUPdn7fw0dFbwHmZ+XsSXFAk4+hu+e:AY9EBDFJ+5zU1nLDdFbHZ+XsSOk4+hun
Malware Config
Signatures
- Deletes itself (1 IoC)
  PID 3020, 4f298c60ee97d98a04e1b9bbb0a33b60N.exe
- Executes dropped EXE (1 IoC)
  PID 3020, 4f298c60ee97d98a04e1b9bbb0a33b60N.exe
- Loads dropped DLL (1 IoC)
  PID 2484, 4f298c60ee97d98a04e1b9bbb0a33b60N.exe
- Suspicious behavior: RenamesItself (1 IoC)
  PID 2484, 4f298c60ee97d98a04e1b9bbb0a33b60N.exe
- Suspicious use of UnmapMainImage (1 IoC)
  PID 3020, 4f298c60ee97d98a04e1b9bbb0a33b60N.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                                procid_target
  PID 2484 wrote to memory of 3020  2484  4f298c60ee97d98a04e1b9bbb0a33b60N.exe  31
  PID 2484 wrote to memory of 3020  2484  4f298c60ee97d98a04e1b9bbb0a33b60N.exe  31
  PID 2484 wrote to memory of 3020  2484  4f298c60ee97d98a04e1b9bbb0a33b60N.exe  31
  PID 2484 wrote to memory of 3020  2484  4f298c60ee97d98a04e1b9bbb0a33b60N.exe  31
Processes
1. C:\Users\Admin\AppData\Local\Temp\4f298c60ee97d98a04e1b9bbb0a33b60N.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\4f298c60ee97d98a04e1b9bbb0a33b60N.exe"
   PID: 2484
   - Loads dropped DLL
   - Suspicious behavior: RenamesItself
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\4f298c60ee97d98a04e1b9bbb0a33b60N.exe (child of process 1)
      Command line: C:\Users\Admin\AppData\Local\Temp\4f298c60ee97d98a04e1b9bbb0a33b60N.exe
      PID: 3020
      - Deletes itself
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 197KB
MD5: d336c74832b65b9aaa1c7d6a90fa1bb6
SHA1: 21c6aa8baad0c87c5ff1f9e3c3481927ae277376
SHA256: e755cef76862e37210e1d3a661b16ef73c59194779fdd0e490427914f680afd5
SHA512: 5554262374e2a46acba61b27264d6b71aaa3aa885cd532ed0e5db581054c5f9e51b9c1cb9ee05b3a7fa43372c6a00be9983430d9de9232bc40348d98f1f42aba