Analysis

Max time kernel: 118s
Max time network: 120s
Platform: windows7_x64
Resource: win7-20240903-en
Resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
Submitted: 04/11/2024, 16:43
Behavioral task: behavioral1
Sample: c4dd70a93d0e3db386dac9f6c8e3ee2a5ed60e4689a64883ce82d4b11e8bc579.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: c4dd70a93d0e3db386dac9f6c8e3ee2a5ed60e4689a64883ce82d4b11e8bc579.exe
Resource: win10v2004-20241007-en
General

Target: c4dd70a93d0e3db386dac9f6c8e3ee2a5ed60e4689a64883ce82d4b11e8bc579.exe
Size: 7.5MB
MD5: 5a8ce1124c3e805d43cd285fa5dcc0c0
SHA1: 067b14ef9949b9a5ccc6b5df7ff399c95e1ba848
SHA256: c4dd70a93d0e3db386dac9f6c8e3ee2a5ed60e4689a64883ce82d4b11e8bc579
SHA512: dc9ac5147dace6220aed09d22ca2fee384f9d907a79e42b0cadc760e27d9734d65a87f92e3946466c69b88d738882fc20b34783e78d752074a48320d396b1d5a
SSDEEP: 196608:FRQCwVOurErvI9pWjgN3ZdahF0pbH1AY7WtQsNo/03vC1v:cVOurEUWjqeWx06rYYv
Malware Config

Signatures

Loads dropped DLL (1 IoC)
  pid   Process
  2576  c4dd70a93d0e3db386dac9f6c8e3ee2a5ed60e4689a64883ce82d4b11e8bc579.exe

  resource                                     yara_rule
  behavioral1/files/0x0006000000016d27-21.dat  upx

Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                                                                   procid_target
  PID 1852 wrote to memory of 2576   1852  c4dd70a93d0e3db386dac9f6c8e3ee2a5ed60e4689a64883ce82d4b11e8bc579.exe  28
  PID 1852 wrote to memory of 2576   1852  c4dd70a93d0e3db386dac9f6c8e3ee2a5ed60e4689a64883ce82d4b11e8bc579.exe  28
  PID 1852 wrote to memory of 2576   1852  c4dd70a93d0e3db386dac9f6c8e3ee2a5ed60e4689a64883ce82d4b11e8bc579.exe  28
Processes

1. C:\Users\Admin\AppData\Local\Temp\c4dd70a93d0e3db386dac9f6c8e3ee2a5ed60e4689a64883ce82d4b11e8bc579.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\c4dd70a93d0e3db386dac9f6c8e3ee2a5ed60e4689a64883ce82d4b11e8bc579.exe"
   PID: 1852
   Signature: Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\c4dd70a93d0e3db386dac9f6c8e3ee2a5ed60e4689a64883ce82d4b11e8bc579.exe (child of PID 1852)
      Command line: "C:\Users\Admin\AppData\Local\Temp\c4dd70a93d0e3db386dac9f6c8e3ee2a5ed60e4689a64883ce82d4b11e8bc579.exe"
      PID: 2576
      Signature: Loads dropped DLL
Downloads

Filesize: 1.7MB
MD5: 18677d48ba556e529b73d6e60afaf812
SHA1: 68f93ed1e3425432ac639a8f0911c144f1d4c986
SHA256: 8e2c03e1ee5068c16e61d3037a10371f2e9613221a165150008bef04474a8af8
SHA512: a843ab3a180684c4f5cae0240da19291e7ed9ae675c9356334386397561c527ab728d73767459350fa67624f389411d03665f69637c5f5c268011d1b103d0b02