a05d5b921f7deea5c147da6bc0b70fc5f7847d9d2ba788af446100f708021248

Analysis

max time kernel
145s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2023, 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

120.exe
Size

168KB
MD5

2ed3923a2bac11502a7ac4f3397386b2
SHA1

7f7ed3cbece211d1babcf23b32bada1f8ab92474
SHA256

a05d5b921f7deea5c147da6bc0b70fc5f7847d9d2ba788af446100f708021248
SHA512

8a9c84a01e98d65aaf1e3d5d4a13e82a8f2f509ba0889a21c4f042f381c540beea56dbde55f883d18e349a010584f1a07c464f1b4a10db6ce93dd43d7d5790eb
SSDEEP

3072:3SgWPKbig1X2+SY3MCOtKDwrkNGvneeYg/E5zhJytck6ZK7bETV:32g1X2+SkMvHrkzgs5z1KbETV

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 10 IoCs

pid	Process
4388	iexplorer.exe
3632	iexplorer.exe
232	iexplorer.exe
4976	iexplorer.exe
1760	iexplorer.exe
1188	iexplorer.exe
2652	iexplorer.exe
2496	iexplorer.exe
3376	iexplorer.exe
760	iexplorer.exe

Drops file in System32 directory 22 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\iexplorer.exe	iexplorer.exe
File opened for modification	C:\Windows\SysWOW64\iexplorer.exe	iexplorer.exe
File opened for modification	C:\Windows\SysWOW64\iexplorer.exe	iexplorer.exe
File opened for modification	C:\Windows\SysWOW64\iexplorer.exe	iexplorer.exe
File created	C:\Windows\SysWOW64\iexplorer.exe	iexplorer.exe
File opened for modification	C:\Windows\SysWOW64\iexplorer.exe	iexplorer.exe
File created	C:\Windows\SysWOW64\iexplorer.exe	iexplorer.exe
File opened for modification	C:\Windows\SysWOW64\iexplorer.exe	iexplorer.exe
File created	C:\Windows\SysWOW64\iexplorer.exe	iexplorer.exe
File opened for modification	C:\Windows\SysWOW64\iexplorer.exe	iexplorer.exe
File created	C:\Windows\SysWOW64\iexplorer.exe	iexplorer.exe
File created	C:\Windows\SysWOW64\iexplorer.exe	iexplorer.exe
File created	C:\Windows\SysWOW64\iexplorer.exe	iexplorer.exe
File opened for modification	C:\Windows\SysWOW64\iexplorer.exe	120.exe
File created	C:\Windows\SysWOW64\iexplorer.exe	iexplorer.exe
File opened for modification	C:\Windows\SysWOW64\iexplorer.exe	iexplorer.exe
File opened for modification	C:\Windows\SysWOW64\iexplorer.exe	iexplorer.exe
File created	C:\Windows\SysWOW64\iexplorer.exe	iexplorer.exe
File opened for modification	C:\Windows\SysWOW64\iexplorer.exe	iexplorer.exe
File created	C:\Windows\SysWOW64\iexplorer.exe	120.exe
File created	C:\Windows\SysWOW64\iexplorer.exe	iexplorer.exe
File created	C:\Windows\SysWOW64\iexplorer.exe	iexplorer.exe

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 4472 wrote to memory of 4388	4472	120.exe	82
PID 4472 wrote to memory of 4388	4472	120.exe	82
PID 4472 wrote to memory of 4388	4472	120.exe	82
PID 4388 wrote to memory of 3632	4388	iexplorer.exe	83
PID 4388 wrote to memory of 3632	4388	iexplorer.exe	83
PID 4388 wrote to memory of 3632	4388	iexplorer.exe	83
PID 3632 wrote to memory of 232	3632	iexplorer.exe	88
PID 3632 wrote to memory of 232	3632	iexplorer.exe	88
PID 3632 wrote to memory of 232	3632	iexplorer.exe	88
PID 232 wrote to memory of 4976	232	iexplorer.exe	92
PID 232 wrote to memory of 4976	232	iexplorer.exe	92
PID 232 wrote to memory of 4976	232	iexplorer.exe	92
PID 4976 wrote to memory of 1760	4976	iexplorer.exe	93
PID 4976 wrote to memory of 1760	4976	iexplorer.exe	93
PID 4976 wrote to memory of 1760	4976	iexplorer.exe	93
PID 1760 wrote to memory of 1188	1760	iexplorer.exe	94
PID 1760 wrote to memory of 1188	1760	iexplorer.exe	94
PID 1760 wrote to memory of 1188	1760	iexplorer.exe	94
PID 1188 wrote to memory of 2652	1188	iexplorer.exe	95
PID 1188 wrote to memory of 2652	1188	iexplorer.exe	95
PID 1188 wrote to memory of 2652	1188	iexplorer.exe	95
PID 2652 wrote to memory of 2496	2652	iexplorer.exe	96
PID 2652 wrote to memory of 2496	2652	iexplorer.exe	96
PID 2652 wrote to memory of 2496	2652	iexplorer.exe	96
PID 2496 wrote to memory of 3376	2496	iexplorer.exe	97
PID 2496 wrote to memory of 3376	2496	iexplorer.exe	97
PID 2496 wrote to memory of 3376	2496	iexplorer.exe	97
PID 3376 wrote to memory of 760	3376	iexplorer.exe	98
PID 3376 wrote to memory of 760	3376	iexplorer.exe	98
PID 3376 wrote to memory of 760	3376	iexplorer.exe	98

C:\Users\Admin\AppData\Local\Temp\120.exe
"C:\Users\Admin\AppData\Local\Temp\120.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Windows\SysWOW64\iexplorer.exe
  C:\Windows\system32\iexplorer.exe 1124 "C:\Users\Admin\AppData\Local\Temp\120.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4388
- - C:\Windows\SysWOW64\iexplorer.exe
    C:\Windows\system32\iexplorer.exe 1128 "C:\Windows\SysWOW64\iexplorer.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:3632
  - - C:\Windows\SysWOW64\iexplorer.exe
      C:\Windows\system32\iexplorer.exe 1092 "C:\Windows\SysWOW64\iexplorer.exe"
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:232
    - - C:\Windows\SysWOW64\iexplorer.exe
        
        C:\Windows\system32\iexplorer.exe 1096 "C:\Windows\SysWOW64\iexplorer.exe"
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4976
      - C:\Windows\SysWOW64\iexplorer.exe
        
        C:\Windows\system32\iexplorer.exe 1100 "C:\Windows\SysWOW64\iexplorer.exe"
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1760
        
        C:\Windows\SysWOW64\iexplorer.exe
        
        C:\Windows\system32\iexplorer.exe 1104 "C:\Windows\SysWOW64\iexplorer.exe"
        7⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1188
        
        C:\Windows\SysWOW64\iexplorer.exe
        
        C:\Windows\system32\iexplorer.exe 1108 "C:\Windows\SysWOW64\iexplorer.exe"
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2652
        
        C:\Windows\SysWOW64\iexplorer.exe
        
        C:\Windows\system32\iexplorer.exe 1116 "C:\Windows\SysWOW64\iexplorer.exe"
        9⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2496
        
        C:\Windows\SysWOW64\iexplorer.exe
        
        C:\Windows\system32\iexplorer.exe 1112 "C:\Windows\SysWOW64\iexplorer.exe"
        10⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3376
        
        C:\Windows\SysWOW64\iexplorer.exe
        
        C:\Windows\system32\iexplorer.exe 1000 "C:\Windows\SysWOW64\iexplorer.exe"
        11⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\iexplorer.exe

Filesize
168KB

MD5
2ed3923a2bac11502a7ac4f3397386b2

SHA1
7f7ed3cbece211d1babcf23b32bada1f8ab92474

SHA256
a05d5b921f7deea5c147da6bc0b70fc5f7847d9d2ba788af446100f708021248

SHA512
8a9c84a01e98d65aaf1e3d5d4a13e82a8f2f509ba0889a21c4f042f381c540beea56dbde55f883d18e349a010584f1a07c464f1b4a10db6ce93dd43d7d5790eb

Download Submit
C:\Windows\SysWOW64\iexplorer.exe

Filesize
168KB

MD5
2ed3923a2bac11502a7ac4f3397386b2

SHA1
7f7ed3cbece211d1babcf23b32bada1f8ab92474

SHA256
a05d5b921f7deea5c147da6bc0b70fc5f7847d9d2ba788af446100f708021248

SHA512
8a9c84a01e98d65aaf1e3d5d4a13e82a8f2f509ba0889a21c4f042f381c540beea56dbde55f883d18e349a010584f1a07c464f1b4a10db6ce93dd43d7d5790eb

Download Submit
C:\Windows\SysWOW64\iexplorer.exe

Filesize
168KB

MD5
2ed3923a2bac11502a7ac4f3397386b2

SHA1
7f7ed3cbece211d1babcf23b32bada1f8ab92474

SHA256
a05d5b921f7deea5c147da6bc0b70fc5f7847d9d2ba788af446100f708021248

SHA512
8a9c84a01e98d65aaf1e3d5d4a13e82a8f2f509ba0889a21c4f042f381c540beea56dbde55f883d18e349a010584f1a07c464f1b4a10db6ce93dd43d7d5790eb

Download Submit
C:\Windows\SysWOW64\iexplorer.exe

Filesize
168KB

MD5
2ed3923a2bac11502a7ac4f3397386b2

SHA1
7f7ed3cbece211d1babcf23b32bada1f8ab92474

SHA256
a05d5b921f7deea5c147da6bc0b70fc5f7847d9d2ba788af446100f708021248

SHA512
8a9c84a01e98d65aaf1e3d5d4a13e82a8f2f509ba0889a21c4f042f381c540beea56dbde55f883d18e349a010584f1a07c464f1b4a10db6ce93dd43d7d5790eb

Download Submit
C:\Windows\SysWOW64\iexplorer.exe

Filesize
168KB

MD5
2ed3923a2bac11502a7ac4f3397386b2

SHA1
7f7ed3cbece211d1babcf23b32bada1f8ab92474

SHA256
a05d5b921f7deea5c147da6bc0b70fc5f7847d9d2ba788af446100f708021248

SHA512
8a9c84a01e98d65aaf1e3d5d4a13e82a8f2f509ba0889a21c4f042f381c540beea56dbde55f883d18e349a010584f1a07c464f1b4a10db6ce93dd43d7d5790eb

Download Submit
C:\Windows\SysWOW64\iexplorer.exe

Filesize
168KB

MD5
2ed3923a2bac11502a7ac4f3397386b2

SHA1
7f7ed3cbece211d1babcf23b32bada1f8ab92474

SHA256
a05d5b921f7deea5c147da6bc0b70fc5f7847d9d2ba788af446100f708021248

SHA512
8a9c84a01e98d65aaf1e3d5d4a13e82a8f2f509ba0889a21c4f042f381c540beea56dbde55f883d18e349a010584f1a07c464f1b4a10db6ce93dd43d7d5790eb

Download Submit
C:\Windows\SysWOW64\iexplorer.exe

Filesize
168KB

MD5
2ed3923a2bac11502a7ac4f3397386b2

SHA1
7f7ed3cbece211d1babcf23b32bada1f8ab92474

SHA256
a05d5b921f7deea5c147da6bc0b70fc5f7847d9d2ba788af446100f708021248

SHA512
8a9c84a01e98d65aaf1e3d5d4a13e82a8f2f509ba0889a21c4f042f381c540beea56dbde55f883d18e349a010584f1a07c464f1b4a10db6ce93dd43d7d5790eb

Download Submit
C:\Windows\SysWOW64\iexplorer.exe

Filesize
168KB

MD5
2ed3923a2bac11502a7ac4f3397386b2

SHA1
7f7ed3cbece211d1babcf23b32bada1f8ab92474

SHA256
a05d5b921f7deea5c147da6bc0b70fc5f7847d9d2ba788af446100f708021248

SHA512
8a9c84a01e98d65aaf1e3d5d4a13e82a8f2f509ba0889a21c4f042f381c540beea56dbde55f883d18e349a010584f1a07c464f1b4a10db6ce93dd43d7d5790eb

Download Submit
C:\Windows\SysWOW64\iexplorer.exe

Filesize
168KB

MD5
2ed3923a2bac11502a7ac4f3397386b2

SHA1
7f7ed3cbece211d1babcf23b32bada1f8ab92474

SHA256
a05d5b921f7deea5c147da6bc0b70fc5f7847d9d2ba788af446100f708021248

SHA512
8a9c84a01e98d65aaf1e3d5d4a13e82a8f2f509ba0889a21c4f042f381c540beea56dbde55f883d18e349a010584f1a07c464f1b4a10db6ce93dd43d7d5790eb

Download Submit
C:\Windows\SysWOW64\iexplorer.exe

Filesize
168KB

MD5
2ed3923a2bac11502a7ac4f3397386b2

SHA1
7f7ed3cbece211d1babcf23b32bada1f8ab92474

SHA256
a05d5b921f7deea5c147da6bc0b70fc5f7847d9d2ba788af446100f708021248

SHA512
8a9c84a01e98d65aaf1e3d5d4a13e82a8f2f509ba0889a21c4f042f381c540beea56dbde55f883d18e349a010584f1a07c464f1b4a10db6ce93dd43d7d5790eb

Download Submit
C:\Windows\SysWOW64\iexplorer.exe

Filesize
168KB

MD5
2ed3923a2bac11502a7ac4f3397386b2

SHA1
7f7ed3cbece211d1babcf23b32bada1f8ab92474

SHA256
a05d5b921f7deea5c147da6bc0b70fc5f7847d9d2ba788af446100f708021248

SHA512
8a9c84a01e98d65aaf1e3d5d4a13e82a8f2f509ba0889a21c4f042f381c540beea56dbde55f883d18e349a010584f1a07c464f1b4a10db6ce93dd43d7d5790eb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads