95a32c06589042c29fc2879bc7e55866664628a0bf1a5180ec92f9b4c52c01cb | Triage

Analysis

max time kernel
79s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
07-06-2022 19:10

Sharing

Report Analysis Logs

General

Target

C4Loader.exe
Size

2.2MB
MD5

5e0b3c359fcc36dfa50f09642e628fd3
SHA1

88ca1402ca389c6fe41e13da53b27722f9dea253
SHA256

95a32c06589042c29fc2879bc7e55866664628a0bf1a5180ec92f9b4c52c01cb
SHA512

eaca6ef4448550d83b63ea4ca2f7c5817a23515e5f74d61eb0e79eafe9c0450d16854054dac2d777a16b19065d4e7d6aa47661715ca05c8646d7c8f63c795545

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 18 IoCs

Processes:

C4Loader.exe

description	pid	process	target process
PID 2136 wrote to memory of 44944	2136	C4Loader.exe	AppLaunch.exe
PID 2136 wrote to memory of 44944	2136	C4Loader.exe	AppLaunch.exe
PID 2136 wrote to memory of 44944	2136	C4Loader.exe	AppLaunch.exe
PID 2136 wrote to memory of 44956	2136	C4Loader.exe	AppLaunch.exe
PID 2136 wrote to memory of 44956	2136	C4Loader.exe	AppLaunch.exe
PID 2136 wrote to memory of 44956	2136	C4Loader.exe	AppLaunch.exe
PID 2136 wrote to memory of 44968	2136	C4Loader.exe	AppLaunch.exe
PID 2136 wrote to memory of 44968	2136	C4Loader.exe	AppLaunch.exe
PID 2136 wrote to memory of 44968	2136	C4Loader.exe	AppLaunch.exe
PID 2136 wrote to memory of 44980	2136	C4Loader.exe	AppLaunch.exe
PID 2136 wrote to memory of 44980	2136	C4Loader.exe	AppLaunch.exe
PID 2136 wrote to memory of 44980	2136	C4Loader.exe	AppLaunch.exe
PID 2136 wrote to memory of 44992	2136	C4Loader.exe	AppLaunch.exe
PID 2136 wrote to memory of 44992	2136	C4Loader.exe	AppLaunch.exe
PID 2136 wrote to memory of 44992	2136	C4Loader.exe	AppLaunch.exe
PID 2136 wrote to memory of 45004	2136	C4Loader.exe	AppLaunch.exe
PID 2136 wrote to memory of 45004	2136	C4Loader.exe	AppLaunch.exe
PID 2136 wrote to memory of 45004	2136	C4Loader.exe	AppLaunch.exe

C:\Users\Admin\AppData\Local\Temp\C4Loader.exe
"C:\Users\Admin\AppData\Local\Temp\C4Loader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2136

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
2⤵
PID:44944

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
2⤵
PID:44956

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
2⤵
PID:44968

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
2⤵
PID:44980

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
2⤵
PID:44992

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
2⤵
PID:45004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/44944-130-0x0000000000000000-mapping.dmp

Download
memory/44956-131-0x0000000000000000-mapping.dmp

Download
memory/44968-132-0x0000000000000000-mapping.dmp

Download
memory/44980-133-0x0000000000000000-mapping.dmp

Download
memory/44992-134-0x0000000000000000-mapping.dmp

Download
memory/45004-135-0x0000000000000000-mapping.dmp

Download