Analysis

max time kernel: 142s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20230221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-04-2023 02:03
Static task: static1

Behavioral task: behavioral1
  Sample: d4d51e511115153722f26719a3770c52.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: d4d51e511115153722f26719a3770c52.exe
  Resource: win10v2004-20230221-en
General

Target: d4d51e511115153722f26719a3770c52.exe
Size: 300KB
MD5: d4d51e511115153722f26719a3770c52
SHA1: 7118e3d63eaec1528402a5d18f8e78c1de226a70
SHA256: 2d9ca53605e7ebc892bf95da3a6198d81b1851b97c48e3385dbc6249fd2d0a26
SHA512: c3ac1ed8f72dac362a6307a66a3bd86d1af0a3e9d03c1ef32ceb63766026069f35e42d9858a08e753156f6c201262fef143c0c50f101e245dfce883db1fa218a
SSDEEP: 6144:APyFaFu+osqSGejvIz4QOO3yD0wFae0BKYJ9hvzqF596xDCNP9Do:4yIFu+QH/OOC7d0BRVvG9C+ZO
Malware Config

Signatures

Executes dropped EXE (1 IoC)
  pid: 4560; Process: d4d51e511115153722f26719a3770c52.tmp

Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4628 wrote to memory of 4560; pid: 4628; Process: d4d51e511115153722f26719a3770c52.exe; procid_target: 84
  description: PID 4628 wrote to memory of 4560; pid: 4628; Process: d4d51e511115153722f26719a3770c52.exe; procid_target: 84
  description: PID 4628 wrote to memory of 4560; pid: 4628; Process: d4d51e511115153722f26719a3770c52.exe; procid_target: 84
Processes

C:\Users\Admin\AppData\Local\Temp\d4d51e511115153722f26719a3770c52.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\d4d51e511115153722f26719a3770c52.exe"
  Signatures: Suspicious use of WriteProcessMemory
  PID: 4628

  C:\Users\Admin\AppData\Local\Temp\is-LPCGC.tmp\d4d51e511115153722f26719a3770c52.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\is-LPCGC.tmp\d4d51e511115153722f26719a3770c52.tmp" /SL5="$70056,58953,58368,C:\Users\Admin\AppData\Local\Temp\d4d51e511115153722f26719a3770c52.exe"
    Signatures: Executes dropped EXE
    PID: 4560
Network

MITRE ATT&CK Matrix
Downloads

Filesize: 702KB
MD5: 1afbd25db5c9a90fe05309f7c4fbcf09
SHA1: baf330b5c249ca925b4ea19a52fe8b2c27e547fa
SHA256: 3bb0ee5569fe5453c6b3fa25aa517b925d4f8d1f7ba3475e58fa09c46290658c
SHA512: 3a448f06862c6d163fd58b68b836d866ae513e04a69774abf5a0c5b7df74f5b9ee37240083760185618c5068bf93e7fd812e76b3e530639111fb1d74f4d28419