Analysis
max time kernel: 383s
max time network: 458s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/11/2022, 18:30
Static task: static1
Behavioral task: behavioral1
  Sample: 16b57adbc06a4ad058aa05ccfdeb85b57c8ffc22f7a04e268cd9cb7ea6579653.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 16b57adbc06a4ad058aa05ccfdeb85b57c8ffc22f7a04e268cd9cb7ea6579653.exe
  Resource: win10v2004-20221111-en
General
Target: 16b57adbc06a4ad058aa05ccfdeb85b57c8ffc22f7a04e268cd9cb7ea6579653.exe
Size: 2.0MB
MD5: fb99a467de119cd127cc2a50ef123f87
SHA1: 3cdf9b3fe3fb89f61c87456adeaca842d6371417
SHA256: 16b57adbc06a4ad058aa05ccfdeb85b57c8ffc22f7a04e268cd9cb7ea6579653
SHA512: 43661e0aecd1e61145f2773098a2e88b0dd58eb8e69bd1a8a14372b5f122b2a5b029c1654327ccf30d6b529aa54e587026c908592274984c482d41d592eeb5e7
SSDEEP: 49152:Ys0SOIpOw7duYyQcMDY1tWToUC497+5aJYAG5cyk:Ys0zw7du7hBAoU17+AJYXcyk
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid: 3096 | Process: is-T1PRN.tmp
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 928 wrote to memory of 3096 | pid: 928 | Process: 16b57adbc06a4ad058aa05ccfdeb85b57c8ffc22f7a04e268cd9cb7ea6579653.exe | procid_target: 83
  description: PID 928 wrote to memory of 3096 | pid: 928 | Process: 16b57adbc06a4ad058aa05ccfdeb85b57c8ffc22f7a04e268cd9cb7ea6579653.exe | procid_target: 83
  description: PID 928 wrote to memory of 3096 | pid: 928 | Process: 16b57adbc06a4ad058aa05ccfdeb85b57c8ffc22f7a04e268cd9cb7ea6579653.exe | procid_target: 83
Processes
Depth 1: C:\Users\Admin\AppData\Local\Temp\16b57adbc06a4ad058aa05ccfdeb85b57c8ffc22f7a04e268cd9cb7ea6579653.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\16b57adbc06a4ad058aa05ccfdeb85b57c8ffc22f7a04e268cd9cb7ea6579653.exe"
  PID: 928
  Signatures: Suspicious use of WriteProcessMemory
  Depth 2: C:\Users\Admin\AppData\Local\Temp\is-0AL2R.tmp\is-T1PRN.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\is-0AL2R.tmp\is-T1PRN.tmp" /SL4 $B01EC "C:\Users\Admin\AppData\Local\Temp\16b57adbc06a4ad058aa05ccfdeb85b57c8ffc22f7a04e268cd9cb7ea6579653.exe" 1871357 51712
    PID: 3096
    Signatures: Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 643KB
MD5: 363a4d2aa5d6cf5cbb2267cccf0c4436
SHA1: a4cdb756698ed28f522956166a6292e9e309dd9c
SHA256: b5cd942dd7019c1cda1715e4ce942094c41ad1e7bc7c5f63fe3ab7d97bc5a021
SHA512: b5929be6e258a63557f376b50a40f6d465cbd372a88e7dcae7944faacb9181cd55873f52dee99cee2e3705596b3b55cb6f784db800f5a32f06e63b9ead3e7c70