Overview

overview

7

Static

static

3

tmp.exe

windows7-x64

7

tmp.exe

windows10-1703-x64

7

tmp.exe

windows10-2004-x64

7

Resubmissions

12-10-2023 15:39

231012-s3m1yshb4z 7

12-10-2023 15:38

231012-s3kktsbd27 7

Analysis

  • max time kernel
    141s
  • max time network
    73s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12-10-2023 15:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    2.7MB

  • MD5

    c0ac13d00f939d24df4ed4e9e1ab21fb

  • SHA1

    2e4f8d8427a15607e9ba9a7e969416bae5a2ea8c

  • SHA256

    5f69521a094571ab662fe965626502dd9762b5ca74b78085eeb51b2f0447855c

  • SHA512

    19cdfac28d3994b0c3841631371b210501812ac806aae4398adb369a0a1ff1f3f2afff8c541e1b1fc1884fdc49b386a58fdae29d31b5e33fabce383fb994702e

  • SSDEEP

    49152:nCoOyER2D8J6eoR0SY6kn5U3IePCQOiMDTAWK8+zUCCIulWX/8/fmDJo:CAERGLmvHn5U3Ie+lEQf16uf0Jo

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:368
    • C:\Users\Admin\AppData\Local\Temp\is-ERMNA.tmp\tmp.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-ERMNA.tmp\tmp.tmp" /SL5="$50228,2388918,119296,C:\Users\Admin\AppData\Local\Temp\tmp.exe"
      2⤵
      • Executes dropped EXE
      PID:3468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-ERMNA.tmp\tmp.tmp
    Filesize

    1.1MB

    MD5

    6a96bef4679e16a54b4090e74664dcca

    SHA1

    c8631c1624b98f6709b1ac37ce3956faed29bc30

    SHA256

    cb095356ddcfcbace96c6252fb73a267ed011c15ff206a7a9302007baa68a783

    SHA512

    924ab1e5c6ea72342eab6e78899a56c415e90020c46d3d8a81ae4da9276db7ea1df9684965a81fb95a6f2f9cf103b31413d67770eb15725ad04198c5d00037d0

    Download Submit

  • memory/368-1-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/368-11-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3468-6-0x0000000000610000-0x0000000000611000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3468-13-0x0000000000400000-0x000000000052C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3468-14-0x0000000000610000-0x0000000000611000-memory.dmp

    Filesize

    4KB

    Download