25d9d702b93e75aad585c05658042fc5b209240c1f62774d9428cb4cfe0673bb

Analysis

max time kernel
17s
max time network
24s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
05/11/2023, 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

telagem.exe
Size

6.7MB
MD5

2208245c7ce9cffd53dee4847f76c905
SHA1

e235761b215c2aeceb620e7097e354d0b0210037
SHA256

25d9d702b93e75aad585c05658042fc5b209240c1f62774d9428cb4cfe0673bb
SHA512

267039f9c9f6e233d28e78c32d5a8e83ea9d4c78d1a18b588b05cc96a28eaaf6115bb4d353b2b4ec56fba7185b670d0960c6e910f35e9feba54e343b28cda8cc
SSDEEP

196608:U0PX4FMIZETKwjPePdrQJ/Bd1WutYPjo:nQETKwvJH1WWao

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2460	telagem.exe
2460	telagem.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2460	2868	telagem.exe	85
PID 2868 wrote to memory of 2460	2868	telagem.exe	85
PID 2460 wrote to memory of 1260	2460	telagem.exe	87
PID 2460 wrote to memory of 1260	2460	telagem.exe	87
PID 2460 wrote to memory of 384	2460	telagem.exe	88
PID 2460 wrote to memory of 384	2460	telagem.exe	88
PID 2460 wrote to memory of 1496	2460	telagem.exe	95
PID 2460 wrote to memory of 1496	2460	telagem.exe	95

C:\Users\Admin\AppData\Local\Temp\telagem.exe
"C:\Users\Admin\AppData\Local\Temp\telagem.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Users\Admin\AppData\Local\Temp\telagem.exe
  "C:\Users\Admin\AppData\Local\Temp\telagem.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c copy telagem.exe C:\
    3⤵
    PID:1260
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c start 'C: elagem.exe'
    3⤵
    PID:384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c pause
    3⤵
    PID:1496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI28682\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28682\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28682\base_library.zip

Filesize
1.8MB

MD5
83b06d6f90f33c512eee102a649279f6

SHA1
96e5734c6d26b9ae9ed3fc3251e8c56ed9d468db

SHA256
1a2fd2bb30f1250cb552cb17839f806602da1559e29adbee5508b6e490306a73

SHA512
3404d4a06e75837b4b3b3bc53141e517feca93362e35cb1a18fee8d3799b4ca2e7c4c4a121d535446d05abd09bb9a0eb5577c748db65c544283575e065e64845

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28682\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28682\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads