ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172

Analysis

max time kernel
152s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
16/11/2023, 08:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
Size

13.4MB
MD5

30ae4c3bffab74b41ad48cd9a40e8ba9
SHA1

6a1b91994ec4bf69290daeafcf4246c23e79d6bc
SHA256

ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172
SHA512

9932d96b6f0c37e45270586fea3ebb8471928525438fed90cc7650ed0878e2b87efea22b61d4017d4f488a532759b6cec91f9b1e001d69d8c719f546dd0b9bc6
SSDEEP

393216:3QdhcVRMJuL20bimNqq2VH19DKRv5YGTw3:Adh6Prbixq2519kZQ

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4312 wrote to memory of 4620	4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe	91
PID 4312 wrote to memory of 4620	4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe	91
PID 4312 wrote to memory of 4620	4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe	91
PID 4312 wrote to memory of 2324	4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe	92
PID 4312 wrote to memory of 2324	4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe	92
PID 4312 wrote to memory of 2324	4312	ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe	92

C:\Users\Admin\AppData\Local\Temp\ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe
"C:\Users\Admin\AppData\Local\Temp\ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4312
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*0a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exe"
  2⤵
  PID:4620
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*.dll"
  2⤵
  PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ad6ee7517e64bc2a6c15a3c99033b8f1.ini

Filesize
1KB

MD5
5481f2810c0984def0d193331f3abeee

SHA1
e83301a675d4a0d36d190dab31c8eb8b5716f555

SHA256
3eed98fe69ebcd8ef41ff410db6f3effce764d462042fe5444cd0a6a833760ad

SHA512
197634fb21b56bd64500af722a5ba3bc66dc3b35c7cd12e0e7b96b353e90ef9c8a7902f0ee9a46638a5e428866381f9b44f1e14fca9f444327ca3b37ea53376c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ad6ee7517e64bc2a6c15a3c99033b8f1A.ini

Filesize
1KB

MD5
032c653b87953e79d6d8a004a752d60e

SHA1
e1587760d31a70c55931d8cb00f2929a959ddc02

SHA256
795dddba8beabac42dbff1e76f07bdff506b15f1dec20e4c3d6fdaf9c8532761

SHA512
c6e7f6dc957f0e2a1abae76bd3e3ba2c2d0699d8f7a79d162a39d60950e5cda39ae42dea7758c8c1366ba185903c809632d84e59d5144b3a8f2fe8680ae8d228

Download Submit
C:\Users\Admin\AppData\Local\Temp\ee40a6362824b3ee46296062a6add4a524214b0e4bb5fce6e625742cc59e3172.exepack.tmp

Filesize
2KB

MD5
bec24b3db788d45dced898037799d8d7

SHA1
c46d3da23af736af9a12a3567288c42e54e8af0d

SHA256
89b0796c6744a5a84dded7d76525867eaebd3d60ac3a025e5e50d2d0c16dcb93

SHA512
111111fd5adb2f4ae4e2d7474ea2e0ff7cafc5a7d15bcb03f52da5021da9734eace22da276885ea713d40f080a92dcb38dd1dfd0e220031df3ec93a1a482bb9d

Download Submit
memory/4312-342-0x0000000000400000-0x0000000001CBD000-memory.dmp

Filesize
24.7MB

Download
memory/4312-344-0x0000000000400000-0x0000000001CBD000-memory.dmp

Filesize
24.7MB

Download
memory/4312-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/4312-2-0x0000000000400000-0x0000000001CBD000-memory.dmp

Filesize
24.7MB

Download
memory/4312-1-0x0000000001DE0000-0x0000000001DE3000-memory.dmp

Filesize
12KB

Download
memory/4312-340-0x0000000000400000-0x0000000001CBD000-memory.dmp

Filesize
24.7MB

Download
memory/4312-341-0x0000000001DE0000-0x0000000001DE3000-memory.dmp

Filesize
12KB

Download
memory/4312-0-0x0000000000400000-0x0000000001CBD000-memory.dmp

Filesize
24.7MB

Download
memory/4312-343-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/4312-6-0x0000000000400000-0x0000000001CBD000-memory.dmp

Filesize
24.7MB

Download
memory/4312-345-0x0000000000400000-0x0000000001CBD000-memory.dmp

Filesize
24.7MB

Download
memory/4312-346-0x0000000000400000-0x0000000001CBD000-memory.dmp

Filesize
24.7MB

Download
memory/4312-347-0x0000000000400000-0x0000000001CBD000-memory.dmp

Filesize
24.7MB

Download
memory/4312-348-0x0000000000400000-0x0000000001CBD000-memory.dmp

Filesize
24.7MB

Download
memory/4312-349-0x0000000000400000-0x0000000001CBD000-memory.dmp

Filesize
24.7MB

Download
memory/4312-350-0x0000000000400000-0x0000000001CBD000-memory.dmp

Filesize
24.7MB

Download
memory/4312-351-0x0000000000400000-0x0000000001CBD000-memory.dmp

Filesize
24.7MB

Download
memory/4312-352-0x0000000000400000-0x0000000001CBD000-memory.dmp

Filesize
24.7MB

Download
memory/4312-353-0x0000000000400000-0x0000000001CBD000-memory.dmp

Filesize
24.7MB

Download
memory/4312-354-0x0000000000400000-0x0000000001CBD000-memory.dmp

Filesize
24.7MB

Download