9c4d140c1f4b6930e75dd3f95c39eb0d4dd41b95518cf3b1098e23b98d3d601e

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2023, 12:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

as4_fw_2.0b.exe
Size

2.0MB
MD5

27cea36ab84467d737ebcffcef8bd746
SHA1

bbc6425995e38e4fe742d5c97169797ccbe424ea
SHA256

9c4d140c1f4b6930e75dd3f95c39eb0d4dd41b95518cf3b1098e23b98d3d601e
SHA512

cdcb906b01c2533bebabf94bbc2f8862d3d3928e44836276d13df7a771670b7b7b4c85e023f7027781098cd949ad6ab66bddedac86f04748d39b94406f3d99b6
SSDEEP

49152:5alhVLZ0Y8q4TtuUv0k9RRHZIJQ9yFDZSw7AL9Y6oinXBgJ:QVLMxTLNZMQ0FEVJTRgJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2824	as4_fw_2.0b.tmp

Loads dropped DLL 2 IoCs

pid	Process
2824	as4_fw_2.0b.tmp
2824	as4_fw_2.0b.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3280 wrote to memory of 2824	3280	as4_fw_2.0b.exe	83
PID 3280 wrote to memory of 2824	3280	as4_fw_2.0b.exe	83
PID 3280 wrote to memory of 2824	3280	as4_fw_2.0b.exe	83

C:\Users\Admin\AppData\Local\Temp\as4_fw_2.0b.exe
"C:\Users\Admin\AppData\Local\Temp\as4_fw_2.0b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3280
- C:\Users\Admin\AppData\Local\Temp\is-L1UMD.tmp\as4_fw_2.0b.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-L1UMD.tmp\as4_fw_2.0b.tmp" /SL5="$C006C,1633519,54272,C:\Users\Admin\AppData\Local\Temp\as4_fw_2.0b.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-F7B50.tmp\_isetup\_isdecmp.dll

Filesize
13KB

MD5
a813d18268affd4763dde940246dc7e5

SHA1
c7366e1fd925c17cc6068001bd38eaef5b42852f

SHA256
e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64

SHA512
b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-F7B50.tmp\_isetup\_isdecmp.dll

Filesize
13KB

MD5
a813d18268affd4763dde940246dc7e5

SHA1
c7366e1fd925c17cc6068001bd38eaef5b42852f

SHA256
e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64

SHA512
b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-L1UMD.tmp\as4_fw_2.0b.tmp

Filesize
688KB

MD5
c765336f0dcf4efdcc2101eed67cd30c

SHA1
fa0279f59738c5aa3b6b20106e109ccd77f895a7

SHA256
c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

SHA512
06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-L1UMD.tmp\as4_fw_2.0b.tmp

Filesize
688KB

MD5
c765336f0dcf4efdcc2101eed67cd30c

SHA1
fa0279f59738c5aa3b6b20106e109ccd77f895a7

SHA256
c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

SHA512
06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

Download Submit
memory/2824-139-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/2824-152-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2824-153-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/3280-133-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3280-140-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads