0c6ed004864bae45729bb4c956004379c20e14c6a9f32465062da106d7c941a8

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 07:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0c6ed004864bae45729bb4c956004379c20e14c6a9f32465062da106d7c941a8.exe
Size

5KB
MD5

c17e511227c61a747a23388ad29f9ceb
SHA1

148280760ead00972091e207b1623af734666dfb
SHA256

0c6ed004864bae45729bb4c956004379c20e14c6a9f32465062da106d7c941a8
SHA512

d8e729640dbd6d59915995ba074e9fdfa9a402f3b31d55854dc80247c711788cc5a448641b6baa5afeff58ed9cc028eb93b5abf7e9bfe3623afe9a7413a94357
SSDEEP

96:gtHvXO/Kmm4HG1NEV777nTrYKI/KITord:KvX9um1qV3ICITord

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
1860	20231011T103549_848.exe
5056	20231011T103620_457.exe
1312	20230915T073705_233.exe
2752	20230915T073725_561.exe
4496	20230915T073741_670.exe
4024	20230915T073805_999.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 208 wrote to memory of 4648	208	0c6ed004864bae45729bb4c956004379c20e14c6a9f32465062da106d7c941a8.exe	87
PID 208 wrote to memory of 4648	208	0c6ed004864bae45729bb4c956004379c20e14c6a9f32465062da106d7c941a8.exe	87
PID 4648 wrote to memory of 1860	4648	cmd.exe	88
PID 4648 wrote to memory of 1860	4648	cmd.exe	88
PID 1860 wrote to memory of 1132	1860	20231011T103549_848.exe	101
PID 1860 wrote to memory of 1132	1860	20231011T103549_848.exe	101
PID 1132 wrote to memory of 5056	1132	cmd.exe	102
PID 1132 wrote to memory of 5056	1132	cmd.exe	102
PID 5056 wrote to memory of 4656	5056	20231011T103620_457.exe	103
PID 5056 wrote to memory of 4656	5056	20231011T103620_457.exe	103
PID 4656 wrote to memory of 1312	4656	cmd.exe	104
PID 4656 wrote to memory of 1312	4656	cmd.exe	104
PID 1312 wrote to memory of 2352	1312	20230915T073705_233.exe	105
PID 1312 wrote to memory of 2352	1312	20230915T073705_233.exe	105
PID 2352 wrote to memory of 2752	2352	cmd.exe	106
PID 2352 wrote to memory of 2752	2352	cmd.exe	106
PID 2752 wrote to memory of 1964	2752	20230915T073725_561.exe	107
PID 2752 wrote to memory of 1964	2752	20230915T073725_561.exe	107
PID 1964 wrote to memory of 4496	1964	cmd.exe	108
PID 1964 wrote to memory of 4496	1964	cmd.exe	108
PID 4496 wrote to memory of 3948	4496	20230915T073741_670.exe	109
PID 4496 wrote to memory of 3948	4496	20230915T073741_670.exe	109
PID 3948 wrote to memory of 4024	3948	cmd.exe	110
PID 3948 wrote to memory of 4024	3948	cmd.exe	110

C:\Users\Admin\AppData\Local\Temp\0c6ed004864bae45729bb4c956004379c20e14c6a9f32465062da106d7c941a8.exe
"C:\Users\Admin\AppData\Local\Temp\0c6ed004864bae45729bb4c956004379c20e14c6a9f32465062da106d7c941a8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231011T103549_848.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4648
- - C:\Users\Admin\AppData\Local\Temp\20231011T103549_848.exe
    C:\Users\Admin\AppData\Local\Temp\20231011T103549_848.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1860
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231011T103620_457.exe
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\20231011T103620_457.exe
        
        C:\Users\Admin\AppData\Local\Temp\20231011T103620_457.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5056
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20230915T073705_233.exe
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\20230915T073705_233.exe
        
        C:\Users\Admin\AppData\Local\Temp\20230915T073705_233.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1312
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20230915T073725_561.exe
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\20230915T073725_561.exe
        
        C:\Users\Admin\AppData\Local\Temp\20230915T073725_561.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2752
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20230915T073741_670.exe
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\20230915T073741_670.exe
        
        C:\Users\Admin\AppData\Local\Temp\20230915T073741_670.exe
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20230915T073805_999.exe
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\20230915T073805_999.exe
        
        C:\Users\Admin\AppData\Local\Temp\20230915T073805_999.exe
        13⤵
        Executes dropped EXE
        
        PID:4024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\20230915T073705_233.exe

Filesize
5KB

MD5
b8a046e52e9db30b96c6b13c9698718a

SHA1
adca657acbb40030588190897960531d993d3979

SHA256
2faed98f45829444a9757e0462486407bf4dd6feb416ff806723229c1a5ec05a

SHA512
373bed8460a9cdad3747aef7b7c6c384233f4dafbd92460596233f53b62ef60dc7a64ab454c7aa61e311603664aadc75a5b0bb6443d6c4986e2c9abe46541b2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\20230915T073705_233.exe

Filesize
5KB

MD5
b8a046e52e9db30b96c6b13c9698718a

SHA1
adca657acbb40030588190897960531d993d3979

SHA256
2faed98f45829444a9757e0462486407bf4dd6feb416ff806723229c1a5ec05a

SHA512
373bed8460a9cdad3747aef7b7c6c384233f4dafbd92460596233f53b62ef60dc7a64ab454c7aa61e311603664aadc75a5b0bb6443d6c4986e2c9abe46541b2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\20230915T073705_233.exe

Filesize
5KB

MD5
b8a046e52e9db30b96c6b13c9698718a

SHA1
adca657acbb40030588190897960531d993d3979

SHA256
2faed98f45829444a9757e0462486407bf4dd6feb416ff806723229c1a5ec05a

SHA512
373bed8460a9cdad3747aef7b7c6c384233f4dafbd92460596233f53b62ef60dc7a64ab454c7aa61e311603664aadc75a5b0bb6443d6c4986e2c9abe46541b2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\20230915T073725_561.exe

Filesize
5KB

MD5
a5ab9a8fb92b876977f0663fbc3c9809

SHA1
7cceda319b88bdcd678c70fabf3ecb806912e842

SHA256
790f1b3b2bc011a5ba88833a668eb175d620a1b2ceb9543853f69bf8ebf2dff3

SHA512
af3ace687ce167eb85663362b2d9e15be27c3e5911fbe0b79f124c1fd0aa66c591eaabbcad3d09f76f7353cc6cd99c67a2c556ff8a8d49e664cf65ecd4576ffd

Download Submit
C:\Users\Admin\AppData\Local\Temp\20230915T073725_561.exe

Filesize
5KB

MD5
a5ab9a8fb92b876977f0663fbc3c9809

SHA1
7cceda319b88bdcd678c70fabf3ecb806912e842

SHA256
790f1b3b2bc011a5ba88833a668eb175d620a1b2ceb9543853f69bf8ebf2dff3

SHA512
af3ace687ce167eb85663362b2d9e15be27c3e5911fbe0b79f124c1fd0aa66c591eaabbcad3d09f76f7353cc6cd99c67a2c556ff8a8d49e664cf65ecd4576ffd

Download Submit
C:\Users\Admin\AppData\Local\Temp\20230915T073725_561.exe

Filesize
5KB

MD5
a5ab9a8fb92b876977f0663fbc3c9809

SHA1
7cceda319b88bdcd678c70fabf3ecb806912e842

SHA256
790f1b3b2bc011a5ba88833a668eb175d620a1b2ceb9543853f69bf8ebf2dff3

SHA512
af3ace687ce167eb85663362b2d9e15be27c3e5911fbe0b79f124c1fd0aa66c591eaabbcad3d09f76f7353cc6cd99c67a2c556ff8a8d49e664cf65ecd4576ffd

Download Submit
C:\Users\Admin\AppData\Local\Temp\20230915T073741_670.exe

Filesize
5KB

MD5
b263b26888e406912971c00567c7d58c

SHA1
0e6d27d93a829ad2674e43175aaf35b99e0a5911

SHA256
63a0cadbef4730b875a5891548cf09c687c03a509b7340c36fbd61a32b5e4cf0

SHA512
acef5d4b3e05b547f9f9ee5b7739aaa3115cb7ee14cd40f8f3cadcb8adae750917a7e4138a999bb31b949838c8a3122f872dc0196c892512d31a54ad04d25d87

Download Submit
C:\Users\Admin\AppData\Local\Temp\20230915T073741_670.exe

Filesize
5KB

MD5
b263b26888e406912971c00567c7d58c

SHA1
0e6d27d93a829ad2674e43175aaf35b99e0a5911

SHA256
63a0cadbef4730b875a5891548cf09c687c03a509b7340c36fbd61a32b5e4cf0

SHA512
acef5d4b3e05b547f9f9ee5b7739aaa3115cb7ee14cd40f8f3cadcb8adae750917a7e4138a999bb31b949838c8a3122f872dc0196c892512d31a54ad04d25d87

Download Submit
C:\Users\Admin\AppData\Local\Temp\20230915T073741_670.exe

Filesize
5KB

MD5
b263b26888e406912971c00567c7d58c

SHA1
0e6d27d93a829ad2674e43175aaf35b99e0a5911

SHA256
63a0cadbef4730b875a5891548cf09c687c03a509b7340c36fbd61a32b5e4cf0

SHA512
acef5d4b3e05b547f9f9ee5b7739aaa3115cb7ee14cd40f8f3cadcb8adae750917a7e4138a999bb31b949838c8a3122f872dc0196c892512d31a54ad04d25d87

Download Submit
C:\Users\Admin\AppData\Local\Temp\20230915T073805_999.exe

Filesize
5KB

MD5
24188d92a45f406fc8fa4a28b04f069f

SHA1
a34bbbe57f1d7fc2c922d62e274a939013791cf6

SHA256
f9c088d882ca57241cdd7d560f55551b7fcb86a308eccd64cedcbe3af5d64e2c

SHA512
c6e91add6b22cd1fd14611518ecd904e8b4c6b347fdc77134a1bc004b0a2e9b10a3bb886c9bc28627f32cf5562acbe97411f155570b548535d171bf9570b586d

Download Submit
C:\Users\Admin\AppData\Local\Temp\20230915T073805_999.exe

Filesize
5KB

MD5
24188d92a45f406fc8fa4a28b04f069f

SHA1
a34bbbe57f1d7fc2c922d62e274a939013791cf6

SHA256
f9c088d882ca57241cdd7d560f55551b7fcb86a308eccd64cedcbe3af5d64e2c

SHA512
c6e91add6b22cd1fd14611518ecd904e8b4c6b347fdc77134a1bc004b0a2e9b10a3bb886c9bc28627f32cf5562acbe97411f155570b548535d171bf9570b586d

Download Submit
C:\Users\Admin\AppData\Local\Temp\20230915T073805_999.exe

Filesize
5KB

MD5
24188d92a45f406fc8fa4a28b04f069f

SHA1
a34bbbe57f1d7fc2c922d62e274a939013791cf6

SHA256
f9c088d882ca57241cdd7d560f55551b7fcb86a308eccd64cedcbe3af5d64e2c

SHA512
c6e91add6b22cd1fd14611518ecd904e8b4c6b347fdc77134a1bc004b0a2e9b10a3bb886c9bc28627f32cf5562acbe97411f155570b548535d171bf9570b586d

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T103549_848.exe

Filesize
5KB

MD5
7b0bb80a01d9568bc8b8ea6f0c76da40

SHA1
a109e47baeb1d109916aba43212545609b37f404

SHA256
cb2721e1d4b6414f5957144d0905fed07fdba312d2b2968b32a74da2ae13647c

SHA512
5db9d5e4fd770b7689d99b6314a009dbf70d195c554084258db608bf4f0420f6512c1fa711985308bc0bbbfec2ecdaf17503e7a8b7c7f8989a20c65d81389a3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T103549_848.exe

Filesize
5KB

MD5
7b0bb80a01d9568bc8b8ea6f0c76da40

SHA1
a109e47baeb1d109916aba43212545609b37f404

SHA256
cb2721e1d4b6414f5957144d0905fed07fdba312d2b2968b32a74da2ae13647c

SHA512
5db9d5e4fd770b7689d99b6314a009dbf70d195c554084258db608bf4f0420f6512c1fa711985308bc0bbbfec2ecdaf17503e7a8b7c7f8989a20c65d81389a3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T103549_848.exe

Filesize
5KB

MD5
7b0bb80a01d9568bc8b8ea6f0c76da40

SHA1
a109e47baeb1d109916aba43212545609b37f404

SHA256
cb2721e1d4b6414f5957144d0905fed07fdba312d2b2968b32a74da2ae13647c

SHA512
5db9d5e4fd770b7689d99b6314a009dbf70d195c554084258db608bf4f0420f6512c1fa711985308bc0bbbfec2ecdaf17503e7a8b7c7f8989a20c65d81389a3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T103620_457.exe

Filesize
5KB

MD5
fc3955fbcf56fead6c49843adb1ae0c6

SHA1
216b1dfea44df5f5a2ed36983a92161ef57ecd05

SHA256
c1c69cfb11373dd83716a78bf8196982ac152c9bce9a08872006732c9971db54

SHA512
0af948a7e3a3469c97533135cb2c1967fd9891d16074775d5ccc7350a423d9429cfd26e80f921bb9e388a018bf924198d45dfc95610cea0553d400b5d4be5adb

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T103620_457.exe

Filesize
5KB

MD5
fc3955fbcf56fead6c49843adb1ae0c6

SHA1
216b1dfea44df5f5a2ed36983a92161ef57ecd05

SHA256
c1c69cfb11373dd83716a78bf8196982ac152c9bce9a08872006732c9971db54

SHA512
0af948a7e3a3469c97533135cb2c1967fd9891d16074775d5ccc7350a423d9429cfd26e80f921bb9e388a018bf924198d45dfc95610cea0553d400b5d4be5adb

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T103620_457.exe

Filesize
5KB

MD5
fc3955fbcf56fead6c49843adb1ae0c6

SHA1
216b1dfea44df5f5a2ed36983a92161ef57ecd05

SHA256
c1c69cfb11373dd83716a78bf8196982ac152c9bce9a08872006732c9971db54

SHA512
0af948a7e3a3469c97533135cb2c1967fd9891d16074775d5ccc7350a423d9429cfd26e80f921bb9e388a018bf924198d45dfc95610cea0553d400b5d4be5adb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads