Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-12-2023 16:04

General

  • Target

    e6ff3ddff3c367c4a70ad570a3e9976c.exe

  • Size

    974KB

  • MD5

    e6ff3ddff3c367c4a70ad570a3e9976c

  • SHA1

    00c3d8cbb6256f5423821199c604650e66c23483

  • SHA256

    a4444f0a097571c48c67c9be12830d11f37313afc17b33e713fcbef3ecd34672

  • SHA512

    2d268ab8d3751de695a8339ac5a30a8cc1f78f0318a2d55845cfedf74c289b78a4a96980a17dc2962779587cced1ab6f0f97ecab46f1302bc3a7f183eba0c436

  • SSDEEP

    24576:dgdhhQGGniba/WPpuvlBEaneHueYQFSMVpLV:dqj5s8+elYQFSMrV

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e6ff3ddff3c367c4a70ad570a3e9976c.exe
    "C:\Users\Admin\AppData\Local\Temp\e6ff3ddff3c367c4a70ad570a3e9976c.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:4040
    • C:\Program Files (x86)\hfsxkso\wj.exe
      "C:\Program Files (x86)\hfsxkso\wj.exe"
      2⤵
      • Executes dropped EXE
      PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\hfsxkso\wj.exe

    Filesize

    991KB

    MD5

    de9c65b96176fecf2f2e3f059856be04

    SHA1

    d40f69f3ce5ba74d57bca75aacf44d937754e01c

    SHA256

    ceca8dfc39381c0f3782b939f7f5f846bc179ebd5da8691ad1bf9898cc810592

    SHA512

    ec73dc890c5895ae40821fe9ce440c41556ce9813e0b6b603699147238dc11024e96b63eadafa9f0a77f8d99aded78eadc6e302191f5298bcdacb00a4a43e59d

  • memory/2044-5-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

  • memory/4040-4-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB