Analysis
- max time kernel: 142s
- max time network: 145s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-02-2023 01:55
Static task: static1
Behavioral task: behavioral1
- Sample: ca2ead342a22fcd891f73f99cba91005.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: ca2ead342a22fcd891f73f99cba91005.exe
- Resource: win10v2004-20230220-en
General
- Target: ca2ead342a22fcd891f73f99cba91005.exe
- Size: 34.0MB
- MD5: ca2ead342a22fcd891f73f99cba91005
- SHA1: 6e6470b49e9e9791acc6854b3d3823e97b058407
- SHA256: 3212aa98f6c8d67aa997a074578010b36d3df5d1a6d2055f5434ba8632fc260e
- SHA512: 39e8e285f3bc169ce3306cecf7a06317a93126dfce2d128acbb0a82d693d98ba0297601e258e4fa48ab8d2f235c6f8b5b648b48f15c02022e22893095a470bc6
- SSDEEP: 786432:5fzVFV7zFAsPBoyK32MlH8CSC9xSWEjh/dlCBS1Y/qemqa:/fWyKGMlcnelEdlO0YLa
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  Processes:
  pid   process
  1452  ca2ead342a22fcd891f73f99cba91005.tmp
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                        pid   process                               target process
  PID 2124 wrote to memory of 1452   2124  ca2ead342a22fcd891f73f99cba91005.exe  ca2ead342a22fcd891f73f99cba91005.tmp
  PID 2124 wrote to memory of 1452   2124  ca2ead342a22fcd891f73f99cba91005.exe  ca2ead342a22fcd891f73f99cba91005.tmp
  PID 2124 wrote to memory of 1452   2124  ca2ead342a22fcd891f73f99cba91005.exe  ca2ead342a22fcd891f73f99cba91005.tmp
Processes
- C:\Users\Admin\AppData\Local\Temp\ca2ead342a22fcd891f73f99cba91005.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ca2ead342a22fcd891f73f99cba91005.exe"
  PID: 2124
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\is-MVUVH.tmp\ca2ead342a22fcd891f73f99cba91005.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\is-MVUVH.tmp\ca2ead342a22fcd891f73f99cba91005.tmp" /SL5="$B006A,34943088,780288,C:\Users\Admin\AppData\Local\Temp\ca2ead342a22fcd891f73f99cba91005.exe"
    PID: 1452
    - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 2.5MB
  MD5: 869c50863faef0fa7052b5551698ed58
  SHA1: feb12f73e0a68d43db51a35f04be3f9d2aac90a3
  SHA256: 7e49962115092d3709b9a3e68934972931bb900f23bf4b42ac90d250725e7d4e
  SHA512: 19076555396601758b0b62a9b9fc68bb96b83387c5a345c3e68f5794b67c45bec7905654fe1243e2daf3ae8fe11c2ad243e962633370535a7a3f41bcb7fec1df