d16d59b275c445979ac9aac91c745269925102b55850ebb7679a4e60f3fecc6d

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2023, 10:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d16d59b275c445979ac9aac91c745269925102b55850ebb7679a4e60f3fecc6d.exe
Size

5.9MB
MD5

8b67c6cb5f20141a5c4d6a2840c753ff
SHA1

60bae85c1be8067e467ae26030798d8c00c745a7
SHA256

d16d59b275c445979ac9aac91c745269925102b55850ebb7679a4e60f3fecc6d
SHA512

7d9e2e9593948df70ce8b0747d88d4a27b2e89c5a0209893e0e6bcca09c3b1a3ffe53654e36ef8dc03fc1168a498e091e1b89ef0e58dc1b4f14fd9fa574db2fe
SSDEEP

98304:aWcAEiMKi5UO0IZMOdGVb4jSxAdxU8NxlDuO:Ui5iqIqOdpSGnU8N7l

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1372	d16d59b275c445979ac9aac91c745269925102b55850ebb7679a4e60f3fecc6d.exe
1372	d16d59b275c445979ac9aac91c745269925102b55850ebb7679a4e60f3fecc6d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1372 wrote to memory of 3392	1372	d16d59b275c445979ac9aac91c745269925102b55850ebb7679a4e60f3fecc6d.exe	88
PID 1372 wrote to memory of 3392	1372	d16d59b275c445979ac9aac91c745269925102b55850ebb7679a4e60f3fecc6d.exe	88
PID 1372 wrote to memory of 3392	1372	d16d59b275c445979ac9aac91c745269925102b55850ebb7679a4e60f3fecc6d.exe	88

C:\Users\Admin\AppData\Local\Temp\d16d59b275c445979ac9aac91c745269925102b55850ebb7679a4e60f3fecc6d.exe
"C:\Users\Admin\AppData\Local\Temp\d16d59b275c445979ac9aac91c745269925102b55850ebb7679a4e60f3fecc6d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1372
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\_deleteme.bat
  2⤵
  PID:3392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\20230825100914860\7z.dll

Filesize
709KB

MD5
ca41d56630191e61565a343c59695ca1

SHA1
774584ff54b38da5d3b3ee02e30908dacab175c5

SHA256
6c80e3f49fcf561e6a0b52f9b4c81d1d07b22085f7864ee4cfd30dd10f6b3b12

SHA512
7f2eb8f773951c5b682b208807235bf4d7d937ece3d9d5c30d17abeb8f74e0be016140e74c64f9d38440269784308ed53c9c76dce6850afa1c7f9cb701229fe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\20230825100914860\USBHidden.dll

Filesize
421KB

MD5
39a3771a086a9af8aaec74d7aaae3c0b

SHA1
4737d17706ead0d5bf1336533194b4cda25207d2

SHA256
40c45b90e93c1f5891a00b3058109465a98c8986a164562dee03e58dc1286ef8

SHA512
31d9fd98fffd86c4c0f3441af4cdc0004d2e0aaf68e29851a54ede4c26a79a26b9769e58702f2abfbe243ceebb34ae4ea6fc0447ab6d2e321c5e66db94dd8f6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\20230825100914860\unlock.ini

Filesize
49KB

MD5
dd2972040fb7c1c39f34a80b5660a118

SHA1
126e64233a8f27637a680a0606da6f008cbb181b

SHA256
9ddb7fbc52d2bbc6c980191d63d8386cd530ea8a87661e7061922259c191cfb8

SHA512
fb105ac030d12b977015937009cca070347c2a88c22d995b1ac4390187cfaf9bcf1e387485680bd24f0b70929b077fa9062ffeba13320e5b41b44136638ff7a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_deleteme.bat

Filesize
248B

MD5
76f8e2ee22a45a2ac10e789ea14854d9

SHA1
572d784ee4a07f63b758165f724afb5c5e291d99

SHA256
0f9452fc75160aa1fc7c54b190279d04851c2968745f80748ae049c4c3908293

SHA512
5bfd39a3362b0a407d8d89040d54aff2db88187097028016f4693f598162674ed3ea4fb85041854b2af340baf68e6d4226b730237d2a8385d13d71e96be9677d

Download Submit
memory/1372-0-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

Filesize
4KB

Download
memory/1372-46-0x0000000000400000-0x00000000009F0000-memory.dmp

Filesize
5.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads