3e59a641eca8a41260f3947115a3f4faae2a10a59350705fbb601b1e8d494b3b

Analysis

max time kernel
154s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e59a641eca8a41260f3947115a3f4faae2a10a59350705fbb601b1e8d494b3b.exe
Size

96KB
MD5

13cd09375172c6a792899338f94b5fb7
SHA1

93ed31c2c4ac97f01b26b9be8439daed491d8a33
SHA256

3e59a641eca8a41260f3947115a3f4faae2a10a59350705fbb601b1e8d494b3b
SHA512

82ae81cdbd835643d19a7246111e3c6e2af2c39b1b72c46581ec91f9844cffa838787ab3caa2b6832377384f6b7d48d932c5ec90ab6e73fc951211037190e25f
SSDEEP

3072:1QS4jHS8q/3nTzePCwNUh4E9vxOtTXrhG:1L428q/nTzePCwG7vqTrc

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

clmumqkujv

pid process

1464 clmumqkujv

pid	process
1464	clmumqkujv

Loads dropped DLL 2 IoCs

Processes:

3e59a641eca8a41260f3947115a3f4faae2a10a59350705fbb601b1e8d494b3b.exe

pid	process
1140	3e59a641eca8a41260f3947115a3f4faae2a10a59350705fbb601b1e8d494b3b.exe
1140	3e59a641eca8a41260f3947115a3f4faae2a10a59350705fbb601b1e8d494b3b.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

3e59a641eca8a41260f3947115a3f4faae2a10a59350705fbb601b1e8d494b3b.exe

description	pid	process	target process
PID 1140 wrote to memory of 1464	1140	3e59a641eca8a41260f3947115a3f4faae2a10a59350705fbb601b1e8d494b3b.exe	clmumqkujv
PID 1140 wrote to memory of 1464	1140	3e59a641eca8a41260f3947115a3f4faae2a10a59350705fbb601b1e8d494b3b.exe	clmumqkujv
PID 1140 wrote to memory of 1464	1140	3e59a641eca8a41260f3947115a3f4faae2a10a59350705fbb601b1e8d494b3b.exe	clmumqkujv
PID 1140 wrote to memory of 1464	1140	3e59a641eca8a41260f3947115a3f4faae2a10a59350705fbb601b1e8d494b3b.exe	clmumqkujv

C:\Users\Admin\AppData\Local\Temp\3e59a641eca8a41260f3947115a3f4faae2a10a59350705fbb601b1e8d494b3b.exe
"C:\Users\Admin\AppData\Local\Temp\3e59a641eca8a41260f3947115a3f4faae2a10a59350705fbb601b1e8d494b3b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1140

\??\c:\users\admin\appdata\local\clmumqkujv
"C:\Users\Admin\AppData\Local\Temp\3e59a641eca8a41260f3947115a3f4faae2a10a59350705fbb601b1e8d494b3b.exe" a -sc:\users\admin\appdata\local\temp\3e59a641eca8a41260f3947115a3f4faae2a10a59350705fbb601b1e8d494b3b.exe
2⤵
- Executes dropped EXE
PID:1464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\clmumqkujv

Filesize
22.5MB

MD5
0c23c2cf5cff63f6908a1df5de7e154e

SHA1
61ec2eea526b128429aa584b22053caf83de7ff1

SHA256
4d37aa6af8abb312b548a93ce5cf4d5b9353aae55b18fca1aec8e2cefff6fcbc

SHA512
508bf611909c11c27106b36db994bc892d62b35f6bbb8e47ca3e6e6eba00d892f1ab043c0064a131ee7fffdfd26919d29c4df7b722fa1c399fef836366417444

Download Submit
\Users\Admin\AppData\Local\clmumqkujv

Filesize
22.5MB

MD5
0c23c2cf5cff63f6908a1df5de7e154e

SHA1
61ec2eea526b128429aa584b22053caf83de7ff1

SHA256
4d37aa6af8abb312b548a93ce5cf4d5b9353aae55b18fca1aec8e2cefff6fcbc

SHA512
508bf611909c11c27106b36db994bc892d62b35f6bbb8e47ca3e6e6eba00d892f1ab043c0064a131ee7fffdfd26919d29c4df7b722fa1c399fef836366417444

Download Submit
\Users\Admin\AppData\Local\clmumqkujv

Filesize
22.5MB

MD5
0c23c2cf5cff63f6908a1df5de7e154e

SHA1
61ec2eea526b128429aa584b22053caf83de7ff1

SHA256
4d37aa6af8abb312b548a93ce5cf4d5b9353aae55b18fca1aec8e2cefff6fcbc

SHA512
508bf611909c11c27106b36db994bc892d62b35f6bbb8e47ca3e6e6eba00d892f1ab043c0064a131ee7fffdfd26919d29c4df7b722fa1c399fef836366417444

Download Submit
memory/1140-54-0x0000000000400000-0x000000000044E344-memory.dmp

Filesize
312KB

Download
memory/1140-55-0x0000000000400000-0x000000000044E344-memory.dmp

Filesize
312KB

Download
memory/1464-58-0x0000000000000000-mapping.dmp

Download
memory/1464-60-0x0000000000400000-0x000000000044E344-memory.dmp

Filesize
312KB

Download
memory/1464-61-0x0000000000400000-0x000000000044E344-memory.dmp

Filesize
312KB

Download