fc2a812fa337b617ac8585d7d2fcf1fbd32a4b1a482a51f302a6ad4421a64a2c

Analysis

max time kernel
139s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2023, 06:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fc2a812fa337b617ac8585d7d2fcf1fbd32a4b1a482a51f302a6ad4421a64a2c.exe
Size

5KB
MD5

2cfb33db4169a15c5294502ae33fbd74
SHA1

b2f2703ab29694be34ac9d366aba1166bb7de8dc
SHA256

fc2a812fa337b617ac8585d7d2fcf1fbd32a4b1a482a51f302a6ad4421a64a2c
SHA512

eb0bd74a727a2d1ed3f17e95284a240e4dd1f32ba3ace6d67303e8e63a7bafa0b1a7360b5311065349e561f0cdb60fe0a5c80ad938a0a2c1da0e50ba44341de0
SSDEEP

48:6DilVtHoWXfImPILvsWAdEcUEO5AdNzuY2YjcLON0Trg7cYIBVmgmVmg09orw2Zi:NHtH9XApvsCxBKHzWOaTrpxB4X4NorU

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
3684	20231004T065514_450.exe
320	20230915T070358_484.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 4588	1120	fc2a812fa337b617ac8585d7d2fcf1fbd32a4b1a482a51f302a6ad4421a64a2c.exe	100
PID 1120 wrote to memory of 4588	1120	fc2a812fa337b617ac8585d7d2fcf1fbd32a4b1a482a51f302a6ad4421a64a2c.exe	100
PID 4588 wrote to memory of 3684	4588	cmd.exe	101
PID 4588 wrote to memory of 3684	4588	cmd.exe	101
PID 3684 wrote to memory of 216	3684	20231004T065514_450.exe	102
PID 3684 wrote to memory of 216	3684	20231004T065514_450.exe	102
PID 216 wrote to memory of 320	216	cmd.exe	103
PID 216 wrote to memory of 320	216	cmd.exe	103

C:\Users\Admin\AppData\Local\Temp\fc2a812fa337b617ac8585d7d2fcf1fbd32a4b1a482a51f302a6ad4421a64a2c.exe
"C:\Users\Admin\AppData\Local\Temp\fc2a812fa337b617ac8585d7d2fcf1fbd32a4b1a482a51f302a6ad4421a64a2c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231004T065514_450.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4588
- - C:\Users\Admin\AppData\Local\Temp\20231004T065514_450.exe
    C:\Users\Admin\AppData\Local\Temp\20231004T065514_450.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3684
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20230915T070358_484.exe
      4⤵
      Suspicious use of WriteProcessMemory
      PID:216
    - - C:\Users\Admin\AppData\Local\Temp\20230915T070358_484.exe
        
        C:\Users\Admin\AppData\Local\Temp\20230915T070358_484.exe
        5⤵
        Executes dropped EXE
        
        PID:320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\20230915T070358_484.exe

Filesize
5KB

MD5
aff42696ddf4416c00b016cddefc3722

SHA1
a19a7ae36c539b5961739d701dcf51438c4f7cdb

SHA256
348cd5900c22c77af45547c1a692bac02735011d36eaa605998273b160ee6c44

SHA512
ed31ae0ca9cdb3a430c825d332f473bae6b7cecbb0bc3297b598b9a43948aa289b3571547451885b624b7811e4b8090326e982f7c9e7627b6b6cd9deb6b0690f

Download Submit
C:\Users\Admin\AppData\Local\Temp\20230915T070358_484.exe

Filesize
5KB

MD5
aff42696ddf4416c00b016cddefc3722

SHA1
a19a7ae36c539b5961739d701dcf51438c4f7cdb

SHA256
348cd5900c22c77af45547c1a692bac02735011d36eaa605998273b160ee6c44

SHA512
ed31ae0ca9cdb3a430c825d332f473bae6b7cecbb0bc3297b598b9a43948aa289b3571547451885b624b7811e4b8090326e982f7c9e7627b6b6cd9deb6b0690f

Download Submit
C:\Users\Admin\AppData\Local\Temp\20230915T070358_484.exe

Filesize
5KB

MD5
aff42696ddf4416c00b016cddefc3722

SHA1
a19a7ae36c539b5961739d701dcf51438c4f7cdb

SHA256
348cd5900c22c77af45547c1a692bac02735011d36eaa605998273b160ee6c44

SHA512
ed31ae0ca9cdb3a430c825d332f473bae6b7cecbb0bc3297b598b9a43948aa289b3571547451885b624b7811e4b8090326e982f7c9e7627b6b6cd9deb6b0690f

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231004T065514_450.exe

Filesize
5KB

MD5
c66f525e2ca9aeb3b6e34ab275bd4a38

SHA1
adb93b742c20b8b9024cd86651ac2fe23261f80d

SHA256
fa41d2b96490b317a489c48a0fc2b0c86bc2d4f625b126d457d3ed84c8d2a1df

SHA512
3ea38082cfac57d3e3698ab5b174943ba396ad51cdb03daec484d20cfb88cfc496ca4ed774255e90e36153cd5d443d55160ade3587162b78656ed32b4bec85f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231004T065514_450.exe

Filesize
5KB

MD5
c66f525e2ca9aeb3b6e34ab275bd4a38

SHA1
adb93b742c20b8b9024cd86651ac2fe23261f80d

SHA256
fa41d2b96490b317a489c48a0fc2b0c86bc2d4f625b126d457d3ed84c8d2a1df

SHA512
3ea38082cfac57d3e3698ab5b174943ba396ad51cdb03daec484d20cfb88cfc496ca4ed774255e90e36153cd5d443d55160ade3587162b78656ed32b4bec85f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231004T065514_450.exe

Filesize
5KB

MD5
c66f525e2ca9aeb3b6e34ab275bd4a38

SHA1
adb93b742c20b8b9024cd86651ac2fe23261f80d

SHA256
fa41d2b96490b317a489c48a0fc2b0c86bc2d4f625b126d457d3ed84c8d2a1df

SHA512
3ea38082cfac57d3e3698ab5b174943ba396ad51cdb03daec484d20cfb88cfc496ca4ed774255e90e36153cd5d443d55160ade3587162b78656ed32b4bec85f1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads