Overview

overview

4

Static

static

1

draw-io-20...M1.exe

windows7-x64

4

draw-io-20...M1.exe

windows10-2004-x64

4

Resubmissions

04/07/2023, 16:13

230704-tn8jsafb75 8

01/06/2023, 03:06

230601-dlvl5scg51 4

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/06/2023, 03:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    draw-io-20.8.16-installer_Jd-nQM1.exe

  • Size

    1.7MB

  • MD5

    a15b0b7ffb3b7fd8ba2f50576a7ff6f1

  • SHA1

    5941f0c47094ec06f0aae9eaff9f1fc06ba97353

  • SHA256

    a6adc7ff9e6a99dbd07c8f11f07d006310f7f4a7ec88cabc80135fe48fab1888

  • SHA512

    5494281d20e7e7cb528a179db5495e7df8a10a37857e519bde5ee398783d3c25af6c348c8fe929af5ae61c08546e55696d90501dbfa5911cbc48c20c423c9969

  • SSDEEP

    24576:V4nXubIQGyxbPV0db26WYbWV9MQF0d3G3mFUNwDWHmda7M6zI3TCdNj8S0UX:Vqe3f6d6LF437OPHmIMuzjCUX

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\draw-io-20.8.16-installer_Jd-nQM1.exe
    "C:\Users\Admin\AppData\Local\Temp\draw-io-20.8.16-installer_Jd-nQM1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4640
    • C:\Users\Admin\AppData\Local\Temp\is-A1IDP.tmp\draw-io-20.8.16-installer_Jd-nQM1.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-A1IDP.tmp\draw-io-20.8.16-installer_Jd-nQM1.tmp" /SL5="$C007C,835400,831488,C:\Users\Admin\AppData\Local\Temp\draw-io-20.8.16-installer_Jd-nQM1.exe"
      2⤵
      • Executes dropped EXE
      PID:4852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-A1IDP.tmp\draw-io-20.8.16-installer_Jd-nQM1.tmp
    Filesize

    3.1MB

    MD5

    77fdb3b53bc2e409538922e0832df6d4

    SHA1

    23f9c67adcfe1a0b459e9a832c9b088751a9a9e6

    SHA256

    a876364db41f9c7eb07642e9648775554fd4640b56ad12653b110fea30f7b642

    SHA512

    d5913c24899006a577b7a924eff8ace228560791bfc1b6b739e4defdbad041b2b6451ec3beaead4df90009edb8b3b4a45a97b89085b480ec7fc48bcc8bce0bc7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-L2BNU.tmp\mainlogo.jpg
    Filesize

    2KB

    MD5

    365c89e202350a4b7924f2870621ede5

    SHA1

    1cf3ebf81feaa74ee39d863d1cd94cdde75a7d40

    SHA256

    db765e8d2751df79ba6f98997765b9fa6c42aeb8fb74edba0d30568e4eff18d9

    SHA512

    b8e22432c1536c3afcf881852aab531360755d176482d486cac42d75a39cbd2a1d6f706779c1fa6dd0231bd81182d6b22d69b36b2c2a2e7c745236705ae36426

    Download Submit

  • memory/4640-133-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/4640-148-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/4852-138-0x00000000027F0000-0x00000000027F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4852-144-0x0000000004BE0000-0x0000000004D20000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4852-149-0x0000000000400000-0x000000000071A000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4852-150-0x00000000027F0000-0x00000000027F1000-memory.dmp

    Filesize

    4KB

    Download