59d997be99a32c7645fbcc9422428469b77b9b1a575cf470c4588394c21f438e

Analysis

max time kernel
142s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2023 14:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

artmoneypro737eng.exe
Size

1.6MB
MD5

f172baa76fe27fb7a98989eeacdec9f5
SHA1

103274066e5f407326b579c2ccba29475c144686
SHA256

59d997be99a32c7645fbcc9422428469b77b9b1a575cf470c4588394c21f438e
SHA512

e7444bc1a1d402a9734aa121f56d5309d267225c02bb00c9418974b2b8cefde11df587da77945fbc27f6b63e6a442775a0250d1a34703b9e3b01281228988fe2
SSDEEP

49152:k2jdzJpKp/TUUxf7zROAELO0Gq/aObPh/W6+u2P2yHRvgt:pjfaTth7IAEipLiPh/W6lA2t

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4864	artmoneypro737eng.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 4864	1228	artmoneypro737eng.exe	82
PID 1228 wrote to memory of 4864	1228	artmoneypro737eng.exe	82
PID 1228 wrote to memory of 4864	1228	artmoneypro737eng.exe	82

C:\Users\Admin\AppData\Local\Temp\artmoneypro737eng.exe
"C:\Users\Admin\AppData\Local\Temp\artmoneypro737eng.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Users\Admin\AppData\Local\Temp\is-SOT9U.tmp\artmoneypro737eng.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-SOT9U.tmp\artmoneypro737eng.tmp" /SL5="$C0202,1456563,50688,C:\Users\Admin\AppData\Local\Temp\artmoneypro737eng.exe"
  2⤵
  - Executes dropped EXE
  PID:4864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-SOT9U.tmp\artmoneypro737eng.tmp

Filesize
666KB

MD5
385aa258a917e2085d16b8477fe7685a

SHA1
897d73efffd1c3601cdb4db4d0b747fdaf1b39f2

SHA256
5fc2a69c35f5ef706807d20f570bfaf04f03173d50391fe3210d3a46b554cd41

SHA512
a244c2beebcffae1cde9c7dc3089a98d8414512a6369f25190e3e869f37a9e87278eb790142fd9f2b998b431d80bcb7071d1fb28eba6e96980908ee9ecd867d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SOT9U.tmp\artmoneypro737eng.tmp

Filesize
666KB

MD5
385aa258a917e2085d16b8477fe7685a

SHA1
897d73efffd1c3601cdb4db4d0b747fdaf1b39f2

SHA256
5fc2a69c35f5ef706807d20f570bfaf04f03173d50391fe3210d3a46b554cd41

SHA512
a244c2beebcffae1cde9c7dc3089a98d8414512a6369f25190e3e869f37a9e87278eb790142fd9f2b998b431d80bcb7071d1fb28eba6e96980908ee9ecd867d4

Download Submit
memory/1228-134-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/1228-145-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/4864-139-0x0000000002200000-0x0000000002201000-memory.dmp

Filesize
4KB

Download
memory/4864-146-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/4864-147-0x0000000002200000-0x0000000002201000-memory.dmp

Filesize
4KB

Download