Analysis

  • max time kernel
    383s
  • max time network
    458s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/11/2022, 18:30

General

  • Target

    16b57adbc06a4ad058aa05ccfdeb85b57c8ffc22f7a04e268cd9cb7ea6579653.exe

  • Size

    2.0MB

  • MD5

    fb99a467de119cd127cc2a50ef123f87

  • SHA1

    3cdf9b3fe3fb89f61c87456adeaca842d6371417

  • SHA256

    16b57adbc06a4ad058aa05ccfdeb85b57c8ffc22f7a04e268cd9cb7ea6579653

  • SHA512

    43661e0aecd1e61145f2773098a2e88b0dd58eb8e69bd1a8a14372b5f122b2a5b029c1654327ccf30d6b529aa54e587026c908592274984c482d41d592eeb5e7

  • SSDEEP

    49152:Ys0SOIpOw7duYyQcMDY1tWToUC497+5aJYAG5cyk:Ys0zw7du7hBAoU17+AJYXcyk

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\16b57adbc06a4ad058aa05ccfdeb85b57c8ffc22f7a04e268cd9cb7ea6579653.exe
    "C:\Users\Admin\AppData\Local\Temp\16b57adbc06a4ad058aa05ccfdeb85b57c8ffc22f7a04e268cd9cb7ea6579653.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:928
    • C:\Users\Admin\AppData\Local\Temp\is-0AL2R.tmp\is-T1PRN.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-0AL2R.tmp\is-T1PRN.tmp" /SL4 $B01EC "C:\Users\Admin\AppData\Local\Temp\16b57adbc06a4ad058aa05ccfdeb85b57c8ffc22f7a04e268cd9cb7ea6579653.exe" 1871357 51712
      2⤵
      • Executes dropped EXE
      PID:3096

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-0AL2R.tmp\is-T1PRN.tmp

          Filesize

          643KB

          MD5

          363a4d2aa5d6cf5cbb2267cccf0c4436

          SHA1

          a4cdb756698ed28f522956166a6292e9e309dd9c

          SHA256

          b5cd942dd7019c1cda1715e4ce942094c41ad1e7bc7c5f63fe3ab7d97bc5a021

          SHA512

          b5929be6e258a63557f376b50a40f6d465cbd372a88e7dcae7944faacb9181cd55873f52dee99cee2e3705596b3b55cb6f784db800f5a32f06e63b9ead3e7c70

        • memory/928-132-0x0000000000400000-0x0000000000413000-memory.dmp

          Filesize

          76KB

        • memory/928-137-0x0000000000400000-0x0000000000413000-memory.dmp

          Filesize

          76KB