8f15f5210e14f3e434bc28ee453b32becab1a0fb7a26836658e4aa88e0c2c6d7

Analysis

max time kernel
91s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13e80d3ee65a3c5eb86db45ed2c41ba8.exe
Size

298KB
MD5

13e80d3ee65a3c5eb86db45ed2c41ba8
SHA1

bdcbe3b7e78a8627988e6105900038925be01ccb
SHA256

8f15f5210e14f3e434bc28ee453b32becab1a0fb7a26836658e4aa88e0c2c6d7
SHA512

3ec8b718450c96c7402fd8bf41f243566cfc433debcccc1ce7b31d52867fe3f41a8cf909065290eea5d562b2018181eacbdf1d8c2da9bed0e4b9034e7c7c5a1e
SSDEEP

6144:uRgtpldHfDWPkGkbjBFjSdeXQJMa0zkdrPW7B8DkGt9EnIcF6LI:GGfDWPkGkbjBhSdeXQJMDgDB9iIMsI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3268	setup.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3268	setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 3268	1624	13e80d3ee65a3c5eb86db45ed2c41ba8.exe	23
PID 1624 wrote to memory of 3268	1624	13e80d3ee65a3c5eb86db45ed2c41ba8.exe	23
PID 1624 wrote to memory of 3268	1624	13e80d3ee65a3c5eb86db45ed2c41ba8.exe	23

C:\Users\Admin\AppData\Local\Temp\13e80d3ee65a3c5eb86db45ed2c41ba8.exe
"C:\Users\Admin\AppData\Local\Temp\13e80d3ee65a3c5eb86db45ed2c41ba8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Users\Admin\AppData\Local\Temp\tsldrl6660\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\tsldrl6660\setup.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:3268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\dif51BA.tmp

Filesize
950B

MD5
0b6acd9f7dd84eb5b0b5672a148a2b45

SHA1
60ad5b6001b992983aca963fe8937d52589d505c

SHA256
1ef58e776375e674b56227ad7324cdaebe5eb92f2136b2f096b5a6cbf65612e7

SHA512
146f9fdcc218d4a6ed9f379b811f5dd5d026a347501aae42e945722a4d1d5aa0ed17c14aca21b6ba6909c627143396ba6409e2b1245a8c3a096c628f604b4bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\data.pck

Filesize
32KB

MD5
d9740b2f0c2773eb5155167d6e828dd4

SHA1
2cf8900f542f0a5b2e00e2943b4153c813c6a954

SHA256
a0f06e4070fe83e99847fb58e7da59457b8a898da695288d189bac03ee17abb3

SHA512
c9f1eb9d1c10f9d568c16fa36b79f1f18e314e203153ebb50d847e9e8c277ee36e8c8bea2c5a19b0d7ad90e5bb0bf0c5a13e73bb012ef53dde07e8729cbb797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\index.scr

Filesize
950B

MD5
ac6911879f6eef67e2769a816537a58c

SHA1
260bcabd40563577692ee03fa19575ba5a5edc29

SHA256
336a80cbf1259972b9aff8f97076958491bf69d720f0068d3e1f4c484c7318e2

SHA512
a0a5a82f605e28be81ae018b89d13770099beabb5914ed436829cfa295a570de0d80d1390887a56e3d7456f59c50981491ef121aa6291e4cf08fb445ae4c89b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\pbin.da_

Filesize
41KB

MD5
3d656c51f43afd766c4f50e5c2681efb

SHA1
13bee8503f1f15196d0144b5fd1738a42a2770bc

SHA256
7cdabf465558429dc62af3b3d1c1ae1cf78ea3e5e7f1792ccb8b72533c15d0d8

SHA512
fdaa7ba7ac752450e18dfc62477ba70b70a58abebe2a93daec585ebc7ac4714cc06624fd741fed66e34ba756ba98ff2214fcec801c7f76580f9c30ec154f80ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\setup.exe

Filesize
1KB

MD5
c01031f781706631ca1b978d090ff484

SHA1
0c8770889a0c31da4a239fa9ce2a0d4790be060a

SHA256
ecd46343bb4cfca6ff01e6d1d9fad09b9c5d714e5619003b3bf62938e1b09e3d

SHA512
6e07712b6f8d4783436cd7f8de922169661faf42a8632ea51a50721a85f585bdc7bbdfcb5d6b18c2b3c8d36ba3cf3543f0cd5b972c2082b273f79f6c2d65fbce

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\setup.exe

Filesize
6KB

MD5
f20ebbc122d6160772f11f8a63f5d11a

SHA1
b217f9109d0568f73fb92c79fa91d8f0c97d3257

SHA256
519a3592d0e4bfdf10add72b3d32070360f9741f21048f7f39250cee13157989

SHA512
6755aa54f5afaf2427d107bd2b5a8464347200ac007db652e2a83a79ea10e330d07e6664bb50a77330ba35c353b5539c0c76a5681a02b896de4f4a5e48c30b3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\sfiles\lang.ini

Filesize
12KB

MD5
71fec3a7b7aee478b0dfdd170ba92c67

SHA1
6d193cd03453cecda4f23adc785acef9f8da1468

SHA256
24fd19a3311763a3b89850349ae68d26bcaf6be48aecac55ac9d951610514b16

SHA512
4b4a3210169bbbdf94347bddc0179b9e7885b99e61f1e65d807ba10cc2091cf3ebabae79a181e3fdb84a0e8dd4f6ddc168568e820b0bb4b43b60f865a18a93b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\sfiles\skin.ini

Filesize
1KB

MD5
393a22419b84a1219194cd6542a23c93

SHA1
f480bbfb8009844782366a3dec2ad23266dc48bc

SHA256
c46fe077a9206c75b2a6068dd6929c09df9bc616adb3caf7f1443a90f0276468

SHA512
beadbda583bf63e31a247ddcea59d7033f6cfd385e6d6bf3fc3884855ddf4b04d05f1d739f36a19319263951605bdfc00a4cc11380d978ffe2b28d4c3d35bee4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads