aad2a1a8f2d1d2ad22d88f0e25062f8eb7c30005b1c8d33e3bfa602c6fbe54f7

Analysis

max time kernel
155s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 14:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

aad2a1a8f2d1d2ad22d88f0e25062f8eb7c30005b1c8d33e3bfa602c6fbe54f7.exe
Size

969KB
MD5

5f4fe30f98d341dcb6ed7af042f10751
SHA1

371827943671245563fd9e702d0f81094066c1d8
SHA256

aad2a1a8f2d1d2ad22d88f0e25062f8eb7c30005b1c8d33e3bfa602c6fbe54f7
SHA512

a9ba60d53b3b7369dbe6b1b94bb9c29f4880bf23e2f7dd8e05a9d6d0281000eeefafb97bb7d3db4e242e76f659cbac7330e016b9dc034c81f7403e052b2fdda6
SSDEEP

24576:kVMz3mFedVMYMSoOSn/R2VEKICX1/uQig+SWS:aMz3mFedVc52VEKICX1/uQmT

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4236	2023-10-12-2110.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\CitiesBase.dll	2023-10-12-2110.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4820	aad2a1a8f2d1d2ad22d88f0e25062f8eb7c30005b1c8d33e3bfa602c6fbe54f7.exe
4820	aad2a1a8f2d1d2ad22d88f0e25062f8eb7c30005b1c8d33e3bfa602c6fbe54f7.exe
4820	aad2a1a8f2d1d2ad22d88f0e25062f8eb7c30005b1c8d33e3bfa602c6fbe54f7.exe
4820	aad2a1a8f2d1d2ad22d88f0e25062f8eb7c30005b1c8d33e3bfa602c6fbe54f7.exe
4820	aad2a1a8f2d1d2ad22d88f0e25062f8eb7c30005b1c8d33e3bfa602c6fbe54f7.exe
4820	aad2a1a8f2d1d2ad22d88f0e25062f8eb7c30005b1c8d33e3bfa602c6fbe54f7.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe
4236	2023-10-12-2110.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 4236	4820	aad2a1a8f2d1d2ad22d88f0e25062f8eb7c30005b1c8d33e3bfa602c6fbe54f7.exe	87
PID 4820 wrote to memory of 4236	4820	aad2a1a8f2d1d2ad22d88f0e25062f8eb7c30005b1c8d33e3bfa602c6fbe54f7.exe	87

C:\Users\Admin\AppData\Local\Temp\aad2a1a8f2d1d2ad22d88f0e25062f8eb7c30005b1c8d33e3bfa602c6fbe54f7.exe
"C:\Users\Admin\AppData\Local\Temp\aad2a1a8f2d1d2ad22d88f0e25062f8eb7c30005b1c8d33e3bfa602c6fbe54f7.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Users\Admin\AppData\Local\Temp\2023-10-12-2110.exe
  "C:\Users\Admin\AppData\Local\Temp\2023-10-12-2110.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2023-10-12-2110.exe

Filesize
976KB

MD5
d287a32a29827150d2c189e9d645688d

SHA1
ffafaaabf3e1376ee351980ef87154a0316df2b5

SHA256
bb152b42a5d316ffe21614ca1455483d0d49b46196db050caa9f71777505aaf4

SHA512
628822c49b524d885838725933141a60982fd3ee7d948edf0567f56946bd51f10b57fe0032db77c7431a699f4396f03dbe54b6e7639d44b2a7b2240a202044bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\2023-10-12-2110.exe

Filesize
976KB

MD5
d287a32a29827150d2c189e9d645688d

SHA1
ffafaaabf3e1376ee351980ef87154a0316df2b5

SHA256
bb152b42a5d316ffe21614ca1455483d0d49b46196db050caa9f71777505aaf4

SHA512
628822c49b524d885838725933141a60982fd3ee7d948edf0567f56946bd51f10b57fe0032db77c7431a699f4396f03dbe54b6e7639d44b2a7b2240a202044bf

Download Submit
memory/4236-17-0x000002D3F8840000-0x000002D3F8841000-memory.dmp

Filesize
4KB

Download
memory/4236-16-0x00007FF8BEE50000-0x00007FF8BF045000-memory.dmp

Filesize
2.0MB

Download
memory/4236-23-0x000002D3F8840000-0x000002D3F8841000-memory.dmp

Filesize
4KB

Download
memory/4236-22-0x00007FF8BEE50000-0x00007FF8BF045000-memory.dmp

Filesize
2.0MB

Download
memory/4236-21-0x000002D3F8830000-0x000002D3F8831000-memory.dmp

Filesize
4KB

Download
memory/4236-20-0x00007FF8BEE50000-0x00007FF8BF045000-memory.dmp

Filesize
2.0MB

Download
memory/4236-19-0x000002D3F8830000-0x000002D3F8831000-memory.dmp

Filesize
4KB

Download
memory/4236-18-0x00007FF8BEE50000-0x00007FF8BF045000-memory.dmp

Filesize
2.0MB

Download
memory/4236-12-0x00007FF8BEE50000-0x00007FF8BF045000-memory.dmp

Filesize
2.0MB

Download
memory/4236-13-0x000002D3F8830000-0x000002D3F8831000-memory.dmp

Filesize
4KB

Download
memory/4236-14-0x00007FF8BEE50000-0x00007FF8BF045000-memory.dmp

Filesize
2.0MB

Download
memory/4236-15-0x000002D3F8830000-0x000002D3F8831000-memory.dmp

Filesize
4KB

Download
memory/4820-2-0x00007FF8BEE50000-0x00007FF8BF045000-memory.dmp

Filesize
2.0MB

Download
memory/4820-0-0x00007FF8BEE50000-0x00007FF8BF045000-memory.dmp

Filesize
2.0MB

Download
memory/4820-11-0x00007FF8BEE50000-0x00007FF8BF045000-memory.dmp

Filesize
2.0MB

Download
memory/4820-1-0x0000016B12600000-0x0000016B12601000-memory.dmp

Filesize
4KB

Download
memory/4820-3-0x00007FF8BEE50000-0x00007FF8BF045000-memory.dmp

Filesize
2.0MB

Download
memory/4820-6-0x0000016B12600000-0x0000016B12601000-memory.dmp

Filesize
4KB

Download
memory/4820-5-0x00007FF8BEE50000-0x00007FF8BF045000-memory.dmp

Filesize
2.0MB

Download
memory/4820-4-0x0000016B12610000-0x0000016B12611000-memory.dmp

Filesize
4KB

Download