Analysis
- max time kernel: 148s
- max time network: 33s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
- submitted: 06-06-2023 08:55
Static task: static1
Behavioral task: behavioral1
- Sample: tmp.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: tmp.exe
- Resource: win10v2004-20230220-en
General
- Target: tmp.exe
- Size: 86.2MB
- MD5: bdd30ac79d6b35f8e59a0dc670ac7c1a
- SHA1: 096db12b9e7a3a649daa147b315e2a837d21e0e0
- SHA256: f29ebd52c9b8891fcae13d1ae9ca65346b2052b3b36d3452603f09a3ef3efcb3
- SHA512: e66060534ecff8f3cd85af1a1b089ec1ed63dfd163f725d5fd0cd862ae32d6d32fe970407a9a152c4347c6f5a824d5ed95a430c7a16edb9d69abc1266a8b86d5
- SSDEEP: 1572864:uqGnFh4rS8EH0kvl/aiq78O0NSN0wT+VFpK6BjGFs+4C9WkRX82406vep4KN4osQ:Kng+v0kt/aiq7dxT+Xki+4aWkRsr0ePK
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid: 1528  Process: tmp.tmp
- Loads dropped DLL (1 IoCs)
  pid: 1520  Process: tmp.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                        pid   Process  procid_target
  PID 1520 wrote to memory of 1528   1520  tmp.exe  27
  PID 1520 wrote to memory of 1528   1520  tmp.exe  27
  PID 1520 wrote to memory of 1528   1520  tmp.exe  27
  PID 1520 wrote to memory of 1528   1520  tmp.exe  27
  PID 1520 wrote to memory of 1528   1520  tmp.exe  27
  PID 1520 wrote to memory of 1528   1520  tmp.exe  27
  PID 1520 wrote to memory of 1528   1520  tmp.exe  27
Processes
- C:\Users\Admin\AppData\Local\Temp\tmp.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID: 1520
  - C:\Users\Admin\AppData\Local\Temp\is-FL4A4.tmp\tmp.tmp (depth 2)
    Command line: "C:\Users\Admin\AppData\Local\Temp\is-FL4A4.tmp\tmp.tmp" /SL5="$70124,89523716,832512,C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    - Executes dropped EXE
    PID: 1528
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3.1MB
  MD5: a71a0e6547db360843a9fce2e7e93fb5
  SHA1: e6002fac138600ed134f218893509c3a9a43ca3b
  SHA256: 07466ccbeeafa87b1c63137ac96dd1ffd8eb31993a4d373188545a9453ccf722
  SHA512: 7c24e4c0b187a404cc3518c3862fdc7ffae315ed46350533c6b7cb62cf10c533ca56f260d8ac4d8e83f96e57d78ac551ae13c13c0737fd6be2b33f5b344724d6