1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b

Analysis

max time kernel
144s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2023 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe
Size

14.7MB
MD5

5310c5d1b22e9a93e6fd9f485d36cb24
SHA1

4f11bbdb5f7f289c42ad83fa8a19e01973f1d5a3
SHA256

1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b
SHA512

8c47561789c861c7e901ee0729276a8fcf23c1cb13be0863de8194ef3f5328ddb66fa4708813bd01ec79b6cdf7294d9b16b42c416fd3ca6d70ecca2a0a01b2d0
SSDEEP

393216:EV0vQWz99TdizRzol+g3viKW/60r9zR+OsOge:a0vBzdYoDKL7TsW

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe

pid	process
1564	1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe
1564	1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe
1564	1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe
1564	1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe

description	pid	process	target process
PID 1564 wrote to memory of 4564	1564	1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe	cmd.exe
PID 1564 wrote to memory of 4564	1564	1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe	cmd.exe
PID 1564 wrote to memory of 4564	1564	1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe	cmd.exe
PID 1564 wrote to memory of 464	1564	1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe	cmd.exe
PID 1564 wrote to memory of 464	1564	1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe	cmd.exe
PID 1564 wrote to memory of 464	1564	1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe
"C:\Users\Admin\AppData\Local\Temp\1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1564

C:\Windows\SysWOW64\cmd.exe
cmd /c del "C:\Users\Admin\AppData\Local\Temp\*4cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe"
2⤵
PID:4564

C:\Windows\SysWOW64\cmd.exe
cmd /c del "C:\Users\Admin\AppData\Local\Temp\*.dll"
2⤵
PID:464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exepack.tmp
Filesize
2KB

MD5
bb926f5c513a3b17329953b9abf883b4

SHA1
c50ad74e77564716ecb1e7a55d7399cb7f43fc9c

SHA256
832a829f0186fd556955ebe1c0504ea63f5d242215a1939a535834167cfceb1b

SHA512
db84f170164f3d229e0ee4320951e288291ae1222cc7ddf9cd413d15801edf63fe062bd47155ecb61f3c3ea426707a74065e070b2bde0b592f0f52edbf279ae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\b6905004ad0b4b2ce6c29da0af270168.ini
Filesize
1KB

MD5
41a76be28a92c7c81455fc63e4546e70

SHA1
9c676cda2bf6f7baf57b4e44290de2bc343dada0

SHA256
d01b3cce5a64e600a2a0cbd2f793112869cefdc85215ddf058cce265adabe375

SHA512
c88bc72b17d26da1e2caf33ac9cd811cfc0e1f04bfc13c5a15cdca8b58266650d32ce9db234dcdfbdd07753fc83733d770e24e526fec23973a6e8507a5800a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\b6905004ad0b4b2ce6c29da0af270168A.ini
Filesize
1KB

MD5
d07c0db3bcbbcd9e549377020f320624

SHA1
cca0f78d1a5dcd8231f6c13b38c67c51431bc5ff

SHA256
6ddf45fb9412348721ad0af7832c18a7daf641d6dc8cadc1fdcb56becc04ef84

SHA512
c01e604ae9cca670660a159724b161d7c1ce06ac715224523ad18ae1b80225809e0eac3185150c3afb36187cad8ee15ee1a92d6bece2bca0c10690dc8bb1200a

Download Submit
memory/1564-350-0x0000000000400000-0x0000000001DCE000-memory.dmp

Filesize
25.8MB

Download
memory/1564-352-0x0000000000400000-0x0000000001DCE000-memory.dmp

Filesize
25.8MB

Download
memory/1564-2-0x0000000000400000-0x0000000001DCE000-memory.dmp

Filesize
25.8MB

Download
memory/1564-1-0x0000000002040000-0x0000000002043000-memory.dmp

Filesize
12KB

Download
memory/1564-347-0x0000000000400000-0x0000000001DCE000-memory.dmp

Filesize
25.8MB

Download
memory/1564-348-0x0000000002040000-0x0000000002043000-memory.dmp

Filesize
12KB

Download
memory/1564-349-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/1564-0-0x0000000000400000-0x0000000001DCE000-memory.dmp

Filesize
25.8MB

Download
memory/1564-351-0x0000000000400000-0x0000000001DCE000-memory.dmp

Filesize
25.8MB

Download
memory/1564-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/1564-353-0x0000000000400000-0x0000000001DCE000-memory.dmp

Filesize
25.8MB

Download
memory/1564-354-0x0000000000400000-0x0000000001DCE000-memory.dmp

Filesize
25.8MB

Download
memory/1564-355-0x0000000000400000-0x0000000001DCE000-memory.dmp

Filesize
25.8MB

Download
memory/1564-356-0x0000000000400000-0x0000000001DCE000-memory.dmp

Filesize
25.8MB

Download
memory/1564-357-0x0000000000400000-0x0000000001DCE000-memory.dmp

Filesize
25.8MB

Download
memory/1564-358-0x0000000000400000-0x0000000001DCE000-memory.dmp

Filesize
25.8MB

Download
memory/1564-359-0x0000000000400000-0x0000000001DCE000-memory.dmp

Filesize
25.8MB

Download
memory/1564-360-0x0000000000400000-0x0000000001DCE000-memory.dmp

Filesize
25.8MB

Download
memory/1564-361-0x0000000000400000-0x0000000001DCE000-memory.dmp

Filesize
25.8MB

Download
memory/1564-362-0x0000000000400000-0x0000000001DCE000-memory.dmp

Filesize
25.8MB

Download