e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d

Analysis

max time kernel
181s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 23:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d.exe
Size

29KB
MD5

37aeff0ba7162b6a69e33022de46b83e
SHA1

6459c98e1e41f1d9d331d4f4e06a6579ab6bcc95
SHA256

e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d
SHA512

4278913fa037683dff64aa34edaa08cdf1958415c3ef77cc8ee0d91872c3df7a87cdb62b515861912e0c63de1c1bbd913629d827827b827429410c5c0ae1cebc
SSDEEP

384:7Xb1JAZw7jtigdih7alQylk1Q//YYJLW7wycJbgz:31JAZw/rdihelQjQntLhb8

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1072	Googleld.EXE
2412	Googleld.EXE

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Googleld.EXE	e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d.exe
File created	C:\Windows\Debugs.inf	Googleld.EXE
File created	C:\Windows\Mation.inf	e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d.exe
File created	C:\Windows\Debugs.inf	e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d.exe
File created	C:\Windows\Googleld.EXE	e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
852	e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d.exe
852	e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d.exe
1404	e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d.exe
1404	e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d.exe
1072	Googleld.EXE
1072	Googleld.EXE
2412	Googleld.EXE
2412	Googleld.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 1404	852	e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d.exe	82
PID 852 wrote to memory of 1404	852	e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d.exe	82
PID 852 wrote to memory of 1404	852	e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d.exe	82
PID 1404 wrote to memory of 1072	1404	e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d.exe	83
PID 1404 wrote to memory of 1072	1404	e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d.exe	83
PID 1404 wrote to memory of 1072	1404	e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d.exe	83
PID 1072 wrote to memory of 2412	1072	Googleld.EXE	84
PID 1072 wrote to memory of 2412	1072	Googleld.EXE	84
PID 1072 wrote to memory of 2412	1072	Googleld.EXE	84

C:\Users\Admin\AppData\Local\Temp\e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d.exe
"C:\Users\Admin\AppData\Local\Temp\e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:852
- C:\Users\Admin\AppData\Local\Temp\e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d.exe
  "C:\Users\Admin\AppData\Local\Temp\e0c49efa560d068150547034710914f28c99e738a52a7bcd49ac1f9d6b9ca98d.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1404
- - C:\Windows\Googleld.EXE
    "C:\Windows\Googleld.EXE"
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1072
  - - C:\Windows\Googleld.EXE
      "C:\Windows\Googleld.EXE"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:2412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MyTemp

Filesize
102B

MD5
d0fd4c396b889492fb6055176a30b06c

SHA1
cd1edb7468b94e6abd6fbafd75d3fb5530bef037

SHA256
e8889ea8e42678bcbdb1d0302083326fd58f7641a68217e272350b05fa6b248a

SHA512
6645b46caddfd23efe8bfcecdf5a526c1b229d46b3de23e8b5cd9b0a5bd2bbfce8c2e2ab92307353a0ef2ca9d028ad758ba553d3da37ce9e9ed6fb0ee270e9e7

Download Submit
C:\Windows\Googleld.EXE

Filesize
10.5MB

MD5
becacd3ee01c0ff820544cae449f955c

SHA1
0c8c37930c21aba040bfa88971b7bdd9acb1119a

SHA256
4aa891b2a3288f6497c33a4dee64762ba9d80a0201f80c8805649b1dcd547b55

SHA512
9602d2842004c51a01d07ccdc8a1f5a3cfcb5b7e36454d37f0e3bbd17c696260441a0feb373e40f26309e8740e804effb70d95c4bdad4ebacd6bd458179bfb63

Download Submit
C:\Windows\Googleld.EXE

Filesize
10.5MB

MD5
becacd3ee01c0ff820544cae449f955c

SHA1
0c8c37930c21aba040bfa88971b7bdd9acb1119a

SHA256
4aa891b2a3288f6497c33a4dee64762ba9d80a0201f80c8805649b1dcd547b55

SHA512
9602d2842004c51a01d07ccdc8a1f5a3cfcb5b7e36454d37f0e3bbd17c696260441a0feb373e40f26309e8740e804effb70d95c4bdad4ebacd6bd458179bfb63

Download Submit
C:\Windows\Googleld.EXE

Filesize
10.5MB

MD5
becacd3ee01c0ff820544cae449f955c

SHA1
0c8c37930c21aba040bfa88971b7bdd9acb1119a

SHA256
4aa891b2a3288f6497c33a4dee64762ba9d80a0201f80c8805649b1dcd547b55

SHA512
9602d2842004c51a01d07ccdc8a1f5a3cfcb5b7e36454d37f0e3bbd17c696260441a0feb373e40f26309e8740e804effb70d95c4bdad4ebacd6bd458179bfb63

Download Submit
C:\Windows\Mation.inf

Filesize
13B

MD5
e353e98883820415ad14807b2a97920f

SHA1
e0dd02b23270df333700e6f163cc84ad61e6bbfb

SHA256
d87401fe5397a05eaaa08623b898465764369ae13a9eb2c19f745b534d8750f5

SHA512
f3bcc630c0f7de4e144f9ec7b1dff1de033e56fb923ef5c7c96fdd5c59a1d50d89fc30c371ab569f61028c5fd3fe540a16ecefc0e2c26e5c4c3a15d98ff007c2

Download Submit