ed54e1e3a038f76a2e65cd83d73cebff5ffcd358c3c179795c716b6c380d9d2f

Analysis

max time kernel
154s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 09:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed54e1e3a038f76a2e65cd83d73cebff5ffcd358c3c179795c716b6c380d9d2f.exe
Size

5KB
MD5

1ffec3a89c49bebcef21a5334f126ecf
SHA1

0a9f151feec42a8a63d63f75b6b6d26fd53f9cc4
SHA256

ed54e1e3a038f76a2e65cd83d73cebff5ffcd358c3c179795c716b6c380d9d2f
SHA512

c28e4eb39b020555eab5a1bdc26163e08156a78d5105991f036ac0a15dd6d875808b020d533c928367cdf3afa50d165700bd865712d68b9609ead52ec4b004e0
SSDEEP

96:VvtHdXgTvetmwQdwrOD7TrBxzBIaorDPPp:fdXKetmIrODBIaorDPPp

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 7 IoCs

pid	Process
520	20231011T090601_505.exe
3560	20231011T090626_724.exe
4316	20231011T090645_942.exe
4204	20231011T090702_786.exe
4520	20231011T090721_442.exe
4224	20231011T090736_395.exe
2248	20231011T090758_036.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 1828 wrote to memory of 2052	1828	ed54e1e3a038f76a2e65cd83d73cebff5ffcd358c3c179795c716b6c380d9d2f.exe	94
PID 1828 wrote to memory of 2052	1828	ed54e1e3a038f76a2e65cd83d73cebff5ffcd358c3c179795c716b6c380d9d2f.exe	94
PID 2052 wrote to memory of 520	2052	cmd.exe	95
PID 2052 wrote to memory of 520	2052	cmd.exe	95
PID 520 wrote to memory of 3172	520	20231011T090601_505.exe	100
PID 520 wrote to memory of 3172	520	20231011T090601_505.exe	100
PID 3172 wrote to memory of 3560	3172	cmd.exe	101
PID 3172 wrote to memory of 3560	3172	cmd.exe	101
PID 3560 wrote to memory of 544	3560	20231011T090626_724.exe	102
PID 3560 wrote to memory of 544	3560	20231011T090626_724.exe	102
PID 544 wrote to memory of 4316	544	cmd.exe	103
PID 544 wrote to memory of 4316	544	cmd.exe	103
PID 4316 wrote to memory of 4196	4316	20231011T090645_942.exe	105
PID 4316 wrote to memory of 4196	4316	20231011T090645_942.exe	105
PID 4196 wrote to memory of 4204	4196	cmd.exe	106
PID 4196 wrote to memory of 4204	4196	cmd.exe	106
PID 4204 wrote to memory of 2940	4204	20231011T090702_786.exe	107
PID 4204 wrote to memory of 2940	4204	20231011T090702_786.exe	107
PID 2940 wrote to memory of 4520	2940	cmd.exe	108
PID 2940 wrote to memory of 4520	2940	cmd.exe	108
PID 4520 wrote to memory of 4064	4520	20231011T090721_442.exe	117
PID 4520 wrote to memory of 4064	4520	20231011T090721_442.exe	117
PID 4064 wrote to memory of 4224	4064	cmd.exe	118
PID 4064 wrote to memory of 4224	4064	cmd.exe	118
PID 4224 wrote to memory of 1644	4224	20231011T090736_395.exe	120
PID 4224 wrote to memory of 1644	4224	20231011T090736_395.exe	120
PID 1644 wrote to memory of 2248	1644	cmd.exe	121
PID 1644 wrote to memory of 2248	1644	cmd.exe	121

C:\Users\Admin\AppData\Local\Temp\ed54e1e3a038f76a2e65cd83d73cebff5ffcd358c3c179795c716b6c380d9d2f.exe
"C:\Users\Admin\AppData\Local\Temp\ed54e1e3a038f76a2e65cd83d73cebff5ffcd358c3c179795c716b6c380d9d2f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231011T090601_505.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2052
- - C:\Users\Admin\AppData\Local\Temp\20231011T090601_505.exe
    C:\Users\Admin\AppData\Local\Temp\20231011T090601_505.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:520
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231011T090626_724.exe
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\20231011T090626_724.exe
        
        C:\Users\Admin\AppData\Local\Temp\20231011T090626_724.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3560
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231011T090645_942.exe
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\20231011T090645_942.exe
        
        C:\Users\Admin\AppData\Local\Temp\20231011T090645_942.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231011T090702_786.exe
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\20231011T090702_786.exe
        
        C:\Users\Admin\AppData\Local\Temp\20231011T090702_786.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4204
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231011T090721_442.exe
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\20231011T090721_442.exe
        
        C:\Users\Admin\AppData\Local\Temp\20231011T090721_442.exe
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4520
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231011T090736_395.exe
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\20231011T090736_395.exe
        
        C:\Users\Admin\AppData\Local\Temp\20231011T090736_395.exe
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4224
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\20231011T090758_036.exe
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\20231011T090758_036.exe
        
        C:\Users\Admin\AppData\Local\Temp\20231011T090758_036.exe
        15⤵
        Executes dropped EXE
        
        PID:2248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\20231011T090601_505.exe

Filesize
5KB

MD5
8dd7588b8c024e0620a68c81ceea1028

SHA1
b5218170b515e2b16004e637763b0f5f4dc6e136

SHA256
04b83db5ea5d6de09918d979b48a58f8eb68cbb804ba42a5ef0b3c7c99a89180

SHA512
8fb01808155e32dfc05a5b97027b465dbd9998984029ec90e490a03ef6bbec26f46ab5f8c9d09209f0258a2a3fccc8dbf9b90e00e4b49ccb7a5004e8285cd376

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T090601_505.exe

Filesize
5KB

MD5
8dd7588b8c024e0620a68c81ceea1028

SHA1
b5218170b515e2b16004e637763b0f5f4dc6e136

SHA256
04b83db5ea5d6de09918d979b48a58f8eb68cbb804ba42a5ef0b3c7c99a89180

SHA512
8fb01808155e32dfc05a5b97027b465dbd9998984029ec90e490a03ef6bbec26f46ab5f8c9d09209f0258a2a3fccc8dbf9b90e00e4b49ccb7a5004e8285cd376

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T090601_505.exe

Filesize
5KB

MD5
8dd7588b8c024e0620a68c81ceea1028

SHA1
b5218170b515e2b16004e637763b0f5f4dc6e136

SHA256
04b83db5ea5d6de09918d979b48a58f8eb68cbb804ba42a5ef0b3c7c99a89180

SHA512
8fb01808155e32dfc05a5b97027b465dbd9998984029ec90e490a03ef6bbec26f46ab5f8c9d09209f0258a2a3fccc8dbf9b90e00e4b49ccb7a5004e8285cd376

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T090626_724.exe

Filesize
5KB

MD5
10583c5b44a27d9b2d2eae60caa2dee1

SHA1
daff88c46c6c63db44ddc61fcc796f29c8eaca3e

SHA256
d1afec96a27c0b641b456755a3571f8d263dd9386a1a4f3ec1f1cfb5ba690bed

SHA512
1027b89a1d6243d01b6c474a3701c84d413241b961a5a9712937e01b769a152971a6941907e2483577c2850870de68a0660d9f30cb6b287f60adcb02681e8724

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T090626_724.exe

Filesize
5KB

MD5
10583c5b44a27d9b2d2eae60caa2dee1

SHA1
daff88c46c6c63db44ddc61fcc796f29c8eaca3e

SHA256
d1afec96a27c0b641b456755a3571f8d263dd9386a1a4f3ec1f1cfb5ba690bed

SHA512
1027b89a1d6243d01b6c474a3701c84d413241b961a5a9712937e01b769a152971a6941907e2483577c2850870de68a0660d9f30cb6b287f60adcb02681e8724

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T090626_724.exe

Filesize
5KB

MD5
10583c5b44a27d9b2d2eae60caa2dee1

SHA1
daff88c46c6c63db44ddc61fcc796f29c8eaca3e

SHA256
d1afec96a27c0b641b456755a3571f8d263dd9386a1a4f3ec1f1cfb5ba690bed

SHA512
1027b89a1d6243d01b6c474a3701c84d413241b961a5a9712937e01b769a152971a6941907e2483577c2850870de68a0660d9f30cb6b287f60adcb02681e8724

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T090645_942.exe

Filesize
5KB

MD5
1878a52f4a0106279df6e8ca8be7a664

SHA1
49c760bce7a665777d3e1fd76a1d0e92c20a0988

SHA256
753f7f9a204a670a15c4e254f0aa7ec5fad1583f677ea7ab8520c3ffa1e05494

SHA512
08622a2f2742d3e8c4fbedc47f1969adff34bc26b6d0b15296f3172a4c762c6c987d0545922ca5dd71bd1ac9518c1d8cde008924f55b7628251b29508e72361a

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T090645_942.exe

Filesize
5KB

MD5
1878a52f4a0106279df6e8ca8be7a664

SHA1
49c760bce7a665777d3e1fd76a1d0e92c20a0988

SHA256
753f7f9a204a670a15c4e254f0aa7ec5fad1583f677ea7ab8520c3ffa1e05494

SHA512
08622a2f2742d3e8c4fbedc47f1969adff34bc26b6d0b15296f3172a4c762c6c987d0545922ca5dd71bd1ac9518c1d8cde008924f55b7628251b29508e72361a

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T090645_942.exe

Filesize
5KB

MD5
1878a52f4a0106279df6e8ca8be7a664

SHA1
49c760bce7a665777d3e1fd76a1d0e92c20a0988

SHA256
753f7f9a204a670a15c4e254f0aa7ec5fad1583f677ea7ab8520c3ffa1e05494

SHA512
08622a2f2742d3e8c4fbedc47f1969adff34bc26b6d0b15296f3172a4c762c6c987d0545922ca5dd71bd1ac9518c1d8cde008924f55b7628251b29508e72361a

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T090702_786.exe

Filesize
5KB

MD5
1547fa09225a879ddc4fb78656b69c71

SHA1
8aa8221d01c2102b1d338121142c897744a5678a

SHA256
83e4748cba31c8b8b12293d8471f207dceec20e6ccd13c57902887b9eea0fd6a

SHA512
e0f7a1f7a66d3aa43897c84abbbcb3135e125c5f9fa5119141fe20b65ca6f35e4a452af83bb3e56f1851b9308f4da7b13c66560bf200b985d8484d334af42e6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T090702_786.exe

Filesize
5KB

MD5
1547fa09225a879ddc4fb78656b69c71

SHA1
8aa8221d01c2102b1d338121142c897744a5678a

SHA256
83e4748cba31c8b8b12293d8471f207dceec20e6ccd13c57902887b9eea0fd6a

SHA512
e0f7a1f7a66d3aa43897c84abbbcb3135e125c5f9fa5119141fe20b65ca6f35e4a452af83bb3e56f1851b9308f4da7b13c66560bf200b985d8484d334af42e6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T090702_786.exe

Filesize
5KB

MD5
1547fa09225a879ddc4fb78656b69c71

SHA1
8aa8221d01c2102b1d338121142c897744a5678a

SHA256
83e4748cba31c8b8b12293d8471f207dceec20e6ccd13c57902887b9eea0fd6a

SHA512
e0f7a1f7a66d3aa43897c84abbbcb3135e125c5f9fa5119141fe20b65ca6f35e4a452af83bb3e56f1851b9308f4da7b13c66560bf200b985d8484d334af42e6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T090721_442.exe

Filesize
5KB

MD5
6970aa9ab01ca8fa33ad7a8e367efcd7

SHA1
fe8ebcdb9396b62d8e5ec6bad701319da2cf1cfd

SHA256
3c1c1dca106733622de1b9a43f8482b532a2cc0ddea4ee1a418ff6081883c4f5

SHA512
b460a477fdae19e5a90e2e6e1a16cf0e5043e869e23c709ebed8364b08b9e6de73197603cb35d7c90d5bcb7ffb370fd276d4f3cdef8dedf09031d3be39cfa361

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T090721_442.exe

Filesize
5KB

MD5
6970aa9ab01ca8fa33ad7a8e367efcd7

SHA1
fe8ebcdb9396b62d8e5ec6bad701319da2cf1cfd

SHA256
3c1c1dca106733622de1b9a43f8482b532a2cc0ddea4ee1a418ff6081883c4f5

SHA512
b460a477fdae19e5a90e2e6e1a16cf0e5043e869e23c709ebed8364b08b9e6de73197603cb35d7c90d5bcb7ffb370fd276d4f3cdef8dedf09031d3be39cfa361

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T090721_442.exe

Filesize
5KB

MD5
6970aa9ab01ca8fa33ad7a8e367efcd7

SHA1
fe8ebcdb9396b62d8e5ec6bad701319da2cf1cfd

SHA256
3c1c1dca106733622de1b9a43f8482b532a2cc0ddea4ee1a418ff6081883c4f5

SHA512
b460a477fdae19e5a90e2e6e1a16cf0e5043e869e23c709ebed8364b08b9e6de73197603cb35d7c90d5bcb7ffb370fd276d4f3cdef8dedf09031d3be39cfa361

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T090736_395.exe

Filesize
5KB

MD5
f15cbdb7fc3805b11e0c8bc08cc8b259

SHA1
01bee499d037c8a627651d9c4c2b10ab9614ecae

SHA256
cda516a7b0db0459812f59daa9510f911629b757346f5b3c4706c84247e53fa1

SHA512
f9708a9e6cd5bc1c4cd2bb441f7c7d2db03e99d22e8b46b9b76f0b7332d9c82090021cf3297de917fb3da64012ba5ebc7851105b7ab298322a75afc457e5fa1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T090736_395.exe

Filesize
5KB

MD5
f15cbdb7fc3805b11e0c8bc08cc8b259

SHA1
01bee499d037c8a627651d9c4c2b10ab9614ecae

SHA256
cda516a7b0db0459812f59daa9510f911629b757346f5b3c4706c84247e53fa1

SHA512
f9708a9e6cd5bc1c4cd2bb441f7c7d2db03e99d22e8b46b9b76f0b7332d9c82090021cf3297de917fb3da64012ba5ebc7851105b7ab298322a75afc457e5fa1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T090736_395.exe

Filesize
5KB

MD5
f15cbdb7fc3805b11e0c8bc08cc8b259

SHA1
01bee499d037c8a627651d9c4c2b10ab9614ecae

SHA256
cda516a7b0db0459812f59daa9510f911629b757346f5b3c4706c84247e53fa1

SHA512
f9708a9e6cd5bc1c4cd2bb441f7c7d2db03e99d22e8b46b9b76f0b7332d9c82090021cf3297de917fb3da64012ba5ebc7851105b7ab298322a75afc457e5fa1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T090758_036.exe

Filesize
5KB

MD5
850d6a0e12f360dc2f95d2ff9e3fc876

SHA1
2e019f8b45a2d4084911e1a9d7104fbf7744c763

SHA256
b62db39b4a1df0f07f553c6152d2e2b980fd0fc766f2f3f0a5700173a0c49cc0

SHA512
610c5ef8fc18f4c0d51cc4812afa591fdfce15e66c38f0c24847d0fbfbf99e78b31a951606b777c22093df0fd40639c29bc9fe66b5d154d7611f6e0ba48fd11c

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T090758_036.exe

Filesize
5KB

MD5
850d6a0e12f360dc2f95d2ff9e3fc876

SHA1
2e019f8b45a2d4084911e1a9d7104fbf7744c763

SHA256
b62db39b4a1df0f07f553c6152d2e2b980fd0fc766f2f3f0a5700173a0c49cc0

SHA512
610c5ef8fc18f4c0d51cc4812afa591fdfce15e66c38f0c24847d0fbfbf99e78b31a951606b777c22093df0fd40639c29bc9fe66b5d154d7611f6e0ba48fd11c

Download Submit
C:\Users\Admin\AppData\Local\Temp\20231011T090758_036.exe

Filesize
5KB

MD5
850d6a0e12f360dc2f95d2ff9e3fc876

SHA1
2e019f8b45a2d4084911e1a9d7104fbf7744c763

SHA256
b62db39b4a1df0f07f553c6152d2e2b980fd0fc766f2f3f0a5700173a0c49cc0

SHA512
610c5ef8fc18f4c0d51cc4812afa591fdfce15e66c38f0c24847d0fbfbf99e78b31a951606b777c22093df0fd40639c29bc9fe66b5d154d7611f6e0ba48fd11c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads