c249c3bc78c6345a51bbeb006462de25cc72743b144c8f34fbff69877a595652

Analysis

max time kernel
25s
max time network
40s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2022 03:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c249c3bc78c6345a51bbeb006462de25cc72743b144c8f34fbff69877a595652.exe
Size

790KB
MD5

a06182a32d6f252accaa894e6d118a94
SHA1

9067c8d2744626face7f4ea975122d5ff1e72532
SHA256

c249c3bc78c6345a51bbeb006462de25cc72743b144c8f34fbff69877a595652
SHA512

0d57ff3e3a436f0b4c03e675286e251aa60e8eab3dcaa21715720a716635f3d555b9a78f84644fd942c8bff5a60de6df42cb8838c9f04045888241263e748536
SSDEEP

24576:ShiDoNJQWSSx3cYrv21znzWnaGsPZ6gA+Bxyv:2iDPWSSx32nzWlgZ6BYyv

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2052	setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 2052	4796	c249c3bc78c6345a51bbeb006462de25cc72743b144c8f34fbff69877a595652.exe	71
PID 4796 wrote to memory of 2052	4796	c249c3bc78c6345a51bbeb006462de25cc72743b144c8f34fbff69877a595652.exe	71
PID 4796 wrote to memory of 2052	4796	c249c3bc78c6345a51bbeb006462de25cc72743b144c8f34fbff69877a595652.exe	71

C:\Users\Admin\AppData\Local\Temp\c249c3bc78c6345a51bbeb006462de25cc72743b144c8f34fbff69877a595652.exe
"C:\Users\Admin\AppData\Local\Temp\c249c3bc78c6345a51bbeb006462de25cc72743b144c8f34fbff69877a595652.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Users\Admin\AppData\Local\Temp\6cf22bd1\setup.exe
  "C:\Users\Admin\AppData\Local\Temp/6cf22bd1/setup.exe" ProfileFileName=step0.ini
  2⤵
  - Executes dropped EXE
  PID:2052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6cf22bd1\installer\boot.dat

Filesize
1KB

MD5
82ff009dd3236db90393cead19bd2b16

SHA1
3b9eab7281a500960d6598316db7b8299970d8ba

SHA256
0f1d6e066ebc9ed29cc2f194fad5091431a57eb85e13fdd19d1c8881c9402e71

SHA512
47bc6609654812719030e470f949b2af139346937cb689d078de731d57278f2743da5a1cf2dd71bbadb47251be7e5b784c429ba2769559e2d4dcddc978fbe8f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\6cf22bd1\installer\installer-config.dat

Filesize
4KB

MD5
26346960decad3a50d16370897784854

SHA1
a2a5986399f33bd62cd15757895475f818291302

SHA256
e6283313fa634034a1251471b5517fa9264c55f1e8008af103dbb13242dcc88f

SHA512
1344d6c3201e33ff26063c58b2030b1b16fb8bcab951caa9bfe9cce4c09d190881705a7eafccc6ccfe0bdf1abf71ae360ea3e3ef10ee6ef0cfaf0eb1aba39e54

Download Submit
C:\Users\Admin\AppData\Local\Temp\6cf22bd1\installer\installer.dat

Filesize
25KB

MD5
a437d65382f997037099cdb7e6652214

SHA1
e192c49c9416fefac7a93057fc20a200bc59a1d0

SHA256
9bf410ffba85d6b15d86cd1148c3d3258168c35161a6d746fcd0af6bdbf94888

SHA512
dd1352b9879e46a9709e001d2208faa3389af6f96fba7cf68c1bd371f0bb9b342e8d38189f3cd8db288d218b501be8d1f48fd3dc4fd5053c1b70efb3cbe4c1f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\6cf22bd1\installer\new-screen.dat

Filesize
2KB

MD5
ff3ac2ce15df8c6e09677fff184dd67e

SHA1
a9b938df0cb6338c557c118766e25acc97bcf1f8

SHA256
ae780c4499c3560092e6b5bcbf4ae596f7b0df3e77d0d3cb3eeb33b54eeb2dfe

SHA512
a7fdd31a34c45d608f99afb06c9ac54c2218603f1d3828af13a0060e19f2d4903ddc253f3209455acff7459679e3514cade3289e21c1f3f598a07b7e8e361ad0

Download Submit
C:\Users\Admin\AppData\Local\Temp\6cf22bd1\installer\step0.ini

Filesize
902B

MD5
bbcf46293fe8fbfc90ca5cda1010ce02

SHA1
a66029d0c43ff9eb9fbe0d521b8dda15795049d8

SHA256
3e396587f0549b4a05683dbd56d1969c7b1d678d347c44c8ec227b61d1d84053

SHA512
d48edf81c056e6268ef2995dc64ead7b8418a29319f491863fb3aaa7e776f3e376efbb59acf1f933856a164f29dc1ee1fc3646118e036f704c4ef132def6c4aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\6cf22bd1\setup.exe

Filesize
18KB

MD5
3401cba5b4c9accb6d6bca305fbce225

SHA1
371c0533f59f19c2a2ef5ff6ed2bc52d503e6939

SHA256
5ad6105f5451f7bb958f7ef329a2eaf747148483d4554d3a14fb9de6ce437ce9

SHA512
e45f8b377bb34e45884f4ef235dce369f419c654030b71a85555c49ae8143934d11ec9db4b2eb48b60cc53e7d00b34181af01310c73ff98fb4527fc4ff2a9711

Download Submit
C:\Users\Admin\AppData\Local\Temp\6cf22bd1\setup.exe

Filesize
20KB

MD5
9d0c0b5ddadff77f47b7ed842dc7cd16

SHA1
155c184499da059ddc25eaf7d607da55bf6fabf3

SHA256
66af582a90e4f8ae2e60d91b66a6a6eedb1e75d5e8eab2e28cd75f946a7a251a

SHA512
7800788d09e6c78438d71689109c3313badbfde1a86e15323d04f6de03fb75f689d8261b835cb985ebc3511245536201a58fd0c32a4836fb3d2f0ca88e72e48c

Download Submit
memory/2052-132-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads