39f92aed5dfa2cd20ae7df11e16acce9bb2e80c7e6539bc81f352d42ab578eb6

Analysis

max time kernel
7s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230824-en
resource tags

arch:x64arch:x86image:win10v2004-20230824-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2023, 14:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cn_flash_installer.exe
Size

9.8MB
MD5

8b9436c358a1d7f0ca61eca81b5025f7
SHA1

7db78548aae9e4872b06ee9e79c29553947db3d6
SHA256

39f92aed5dfa2cd20ae7df11e16acce9bb2e80c7e6539bc81f352d42ab578eb6
SHA512

c1de24c559797814cd15ccf5ad1433579eae0fd88e7ea4320dd8aaf42cc284496dc59c43d412013d9d4a2ca1d405260ecafe395fa9dd38d7253413ab1ef68933
SSDEEP

196608:ugEl40+bWzjxD3Dm5l3OZCTFhVl4dQ63Tq2N+SHk:k4dWzjq4ZCTODZ+S

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3712	td.Principal.UserId =.exe
3712	td.Principal.UserId =.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 3712	2972	cn_flash_installer.exe	85
PID 2972 wrote to memory of 3712	2972	cn_flash_installer.exe	85
PID 2972 wrote to memory of 3712	2972	cn_flash_installer.exe	173
PID 2972 wrote to memory of 3712	2972	cn_flash_installer.exe	173

C:\Users\Admin\AppData\Local\Temp\cn_flash_installer.exe
"C:\Users\Admin\AppData\Local\Temp\cn_flash_installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Users\Admin\AppData\Local\Temp\td.Principal.UserId =.exe
  "C:\Users\Admin\AppData\Local\Temp\td.Principal.UserId =.exe"
  2⤵
  - Executes dropped EXE
  PID:3712

C:\Users\Admin\AppData\Local\Temp\cn_flash_installer.exe
"C:\Users\Admin\AppData\Local\Temp\cn_flash_installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Users\Admin\AppData\Local\Temp\td.Principal.UserId =.exe
  "C:\Users\Admin\AppData\Local\Temp\td.Principal.UserId =.exe"
  2⤵
  - Executes dropped EXE
  PID:3712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Microsoft.Win32.TaskScheduler.dll

Filesize
320KB

MD5
09c60e1aab50213d3111e69dcf3e483b

SHA1
37471e9e9ddc35d06a45f746f987f6e3fd7b3e76

SHA256
a91c3aa2e72e534bb35f8d3ec2a188dd5581d22fb409d65b0eaeae8f4105f897

SHA512
688dcd63f07f007c3de995eb33ae5ae6812a49ac2bb8874f3ee1ddad8fb63f376c0b90641c1d137e9e4b27d6fc36a76fc091ebced81ed582d8036a56acae569b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft.Win32.TaskScheduler.dll

Filesize
320KB

MD5
09c60e1aab50213d3111e69dcf3e483b

SHA1
37471e9e9ddc35d06a45f746f987f6e3fd7b3e76

SHA256
a91c3aa2e72e534bb35f8d3ec2a188dd5581d22fb409d65b0eaeae8f4105f897

SHA512
688dcd63f07f007c3de995eb33ae5ae6812a49ac2bb8874f3ee1ddad8fb63f376c0b90641c1d137e9e4b27d6fc36a76fc091ebced81ed582d8036a56acae569b

Download Submit
C:\Users\Admin\AppData\Local\Temp\td.Principal.UserId =.exe

Filesize
9.3MB

MD5
73790e781a0b3c7f1e1e8f9fa8f9d239

SHA1
9853fe35e1b6e06b53ad2234d4fa2156fa5ccf97

SHA256
2a3cf204dcc977df6347a039428ae863066700cecfac965dcaeb7b9bd61bc1b6

SHA512
119934b5e27a7d726874c32b6feb579368b93a7359af21a741f5d44723328df1965a2f8a8c021c55d55e2facb86a98ac664c3743565b748b7045c0c2d525b3f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\td.Principal.UserId =.exe

Filesize
9.3MB

MD5
73790e781a0b3c7f1e1e8f9fa8f9d239

SHA1
9853fe35e1b6e06b53ad2234d4fa2156fa5ccf97

SHA256
2a3cf204dcc977df6347a039428ae863066700cecfac965dcaeb7b9bd61bc1b6

SHA512
119934b5e27a7d726874c32b6feb579368b93a7359af21a741f5d44723328df1965a2f8a8c021c55d55e2facb86a98ac664c3743565b748b7045c0c2d525b3f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\td.Principal.UserId =.exe

Filesize
9.3MB

MD5
73790e781a0b3c7f1e1e8f9fa8f9d239

SHA1
9853fe35e1b6e06b53ad2234d4fa2156fa5ccf97

SHA256
2a3cf204dcc977df6347a039428ae863066700cecfac965dcaeb7b9bd61bc1b6

SHA512
119934b5e27a7d726874c32b6feb579368b93a7359af21a741f5d44723328df1965a2f8a8c021c55d55e2facb86a98ac664c3743565b748b7045c0c2d525b3f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\td.Principal.UserId =.exe

Filesize
9.3MB

MD5
73790e781a0b3c7f1e1e8f9fa8f9d239

SHA1
9853fe35e1b6e06b53ad2234d4fa2156fa5ccf97

SHA256
2a3cf204dcc977df6347a039428ae863066700cecfac965dcaeb7b9bd61bc1b6

SHA512
119934b5e27a7d726874c32b6feb579368b93a7359af21a741f5d44723328df1965a2f8a8c021c55d55e2facb86a98ac664c3743565b748b7045c0c2d525b3f2

Download Submit
memory/3712-9-0x0000000001FC0000-0x0000000001FD0000-memory.dmp

Filesize
64KB

Download
memory/3712-7-0x0000000000250000-0x0000000000BA2000-memory.dmp

Filesize
9.3MB

Download
memory/3712-12-0x000000001C9F0000-0x000000001CA46000-memory.dmp

Filesize
344KB

Download
memory/3712-13-0x000000001CC50000-0x000000001CE4A000-memory.dmp

Filesize
2.0MB

Download
memory/3712-8-0x00007FFA22770000-0x00007FFA23111000-memory.dmp

Filesize
9.6MB

Download
memory/3712-7-0x0000000000250000-0x0000000000BA2000-memory.dmp

Filesize
9.3MB

Download
memory/3712-6-0x00007FFA22770000-0x00007FFA23111000-memory.dmp

Filesize
9.6MB

Download
memory/3712-10-0x000000001C980000-0x000000001C9E2000-memory.dmp

Filesize
392KB

Download
memory/3712-8-0x00007FFA22770000-0x00007FFA23111000-memory.dmp

Filesize
9.6MB

Download
memory/3712-9-0x0000000001FC0000-0x0000000001FD0000-memory.dmp

Filesize
64KB

Download
memory/3712-10-0x000000001C980000-0x000000001C9E2000-memory.dmp

Filesize
392KB

Download
memory/3712-6-0x00007FFA22770000-0x00007FFA23111000-memory.dmp

Filesize
9.6MB

Download
memory/3712-12-0x000000001C9F0000-0x000000001CA46000-memory.dmp

Filesize
344KB

Download
memory/3712-13-0x000000001CC50000-0x000000001CE4A000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads