1ef7a11839c01f755ecf77bba657134fc725a0bfb5f597b70ccdd5cc7820d725

Analysis

max time kernel
164s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 14:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

02928764dae7de4d74780d99ba996409.exe
Size

192KB
MD5

02928764dae7de4d74780d99ba996409
SHA1

5238701910436aa60cbfc5c56461b21b61bcb137
SHA256

1ef7a11839c01f755ecf77bba657134fc725a0bfb5f597b70ccdd5cc7820d725
SHA512

d15907bc4ae817b143e88a128dd29ba9089fc35bdda6f36a41b29ab6d03a6fe04f1b942670853d80f6090460322b22c2ce827299a68577e5b52dde2238a42490
SSDEEP

3072:HiDUNZxjxnsbHPTQeNkvRpuOUNaIFbwf4yKONmN1Po7o96trEZc+uCNrQ9:HiDUNZhxnmTtkPuOUNCgbKmboi6trkue

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 10 IoCs

pid	Process
1212	IE6X.exe
4532	IE6X.exe
3844	IE6X.exe
4976	IE6X.exe
976	IE6X.exe
1344	IE6X.exe
2164	IE6X.exe
400	IE6X.exe
4288	IE6X.exe
3348	IE6X.exe

Drops file in System32 directory 22 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IE6X.exe	IE6X.exe
File created	C:\Windows\SysWOW64\IE6X.exe	IE6X.exe
File opened for modification	C:\Windows\SysWOW64\IE6X.exe	IE6X.exe
File opened for modification	C:\Windows\SysWOW64\IE6X.exe	IE6X.exe
File created	C:\Windows\SysWOW64\IE6X.exe	IE6X.exe
File opened for modification	C:\Windows\SysWOW64\IE6X.exe	02928764dae7de4d74780d99ba996409.exe
File opened for modification	C:\Windows\SysWOW64\IE6X.exe	IE6X.exe
File created	C:\Windows\SysWOW64\IE6X.exe	IE6X.exe
File created	C:\Windows\SysWOW64\IE6X.exe	IE6X.exe
File created	C:\Windows\SysWOW64\IE6X.exe	IE6X.exe
File opened for modification	C:\Windows\SysWOW64\IE6X.exe	IE6X.exe
File opened for modification	C:\Windows\SysWOW64\IE6X.exe	IE6X.exe
File created	C:\Windows\SysWOW64\IE6X.exe	IE6X.exe
File opened for modification	C:\Windows\SysWOW64\IE6X.exe	IE6X.exe
File created	C:\Windows\SysWOW64\IE6X.exe	02928764dae7de4d74780d99ba996409.exe
File created	C:\Windows\SysWOW64\IE6X.exe	IE6X.exe
File opened for modification	C:\Windows\SysWOW64\IE6X.exe	IE6X.exe
File opened for modification	C:\Windows\SysWOW64\IE6X.exe	IE6X.exe
File created	C:\Windows\SysWOW64\IE6X.exe	IE6X.exe
File opened for modification	C:\Windows\SysWOW64\IE6X.exe	IE6X.exe
File opened for modification	C:\Windows\SysWOW64\IE6X.exe	IE6X.exe
File created	C:\Windows\SysWOW64\IE6X.exe	IE6X.exe

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 3660 wrote to memory of 1212	3660	02928764dae7de4d74780d99ba996409.exe	90
PID 3660 wrote to memory of 1212	3660	02928764dae7de4d74780d99ba996409.exe	90
PID 3660 wrote to memory of 1212	3660	02928764dae7de4d74780d99ba996409.exe	90
PID 1212 wrote to memory of 4532	1212	IE6X.exe	99
PID 1212 wrote to memory of 4532	1212	IE6X.exe	99
PID 1212 wrote to memory of 4532	1212	IE6X.exe	99
PID 4532 wrote to memory of 3844	4532	IE6X.exe	101
PID 4532 wrote to memory of 3844	4532	IE6X.exe	101
PID 4532 wrote to memory of 3844	4532	IE6X.exe	101
PID 3844 wrote to memory of 4976	3844	IE6X.exe	105
PID 3844 wrote to memory of 4976	3844	IE6X.exe	105
PID 3844 wrote to memory of 4976	3844	IE6X.exe	105
PID 4976 wrote to memory of 976	4976	IE6X.exe	108
PID 4976 wrote to memory of 976	4976	IE6X.exe	108
PID 4976 wrote to memory of 976	4976	IE6X.exe	108
PID 976 wrote to memory of 1344	976	IE6X.exe	113
PID 976 wrote to memory of 1344	976	IE6X.exe	113
PID 976 wrote to memory of 1344	976	IE6X.exe	113
PID 1344 wrote to memory of 2164	1344	IE6X.exe	115
PID 1344 wrote to memory of 2164	1344	IE6X.exe	115
PID 1344 wrote to memory of 2164	1344	IE6X.exe	115
PID 2164 wrote to memory of 400	2164	IE6X.exe	116
PID 2164 wrote to memory of 400	2164	IE6X.exe	116
PID 2164 wrote to memory of 400	2164	IE6X.exe	116
PID 400 wrote to memory of 4288	400	IE6X.exe	117
PID 400 wrote to memory of 4288	400	IE6X.exe	117
PID 400 wrote to memory of 4288	400	IE6X.exe	117
PID 4288 wrote to memory of 3348	4288	IE6X.exe	118
PID 4288 wrote to memory of 3348	4288	IE6X.exe	118
PID 4288 wrote to memory of 3348	4288	IE6X.exe	118

C:\Users\Admin\AppData\Local\Temp\02928764dae7de4d74780d99ba996409.exe
"C:\Users\Admin\AppData\Local\Temp\02928764dae7de4d74780d99ba996409.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3660
- C:\Windows\SysWOW64\IE6X.exe
  C:\Windows\system32\IE6X.exe 1148 "C:\Users\Admin\AppData\Local\Temp\02928764dae7de4d74780d99ba996409.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1212
- - C:\Windows\SysWOW64\IE6X.exe
    C:\Windows\system32\IE6X.exe 1152 "C:\Windows\SysWOW64\IE6X.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:4532
  - - C:\Windows\SysWOW64\IE6X.exe
      C:\Windows\system32\IE6X.exe 1120 "C:\Windows\SysWOW64\IE6X.exe"
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:3844
    - - C:\Windows\SysWOW64\IE6X.exe
        
        C:\Windows\system32\IE6X.exe 1124 "C:\Windows\SysWOW64\IE6X.exe"
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4976
      - C:\Windows\SysWOW64\IE6X.exe
        
        C:\Windows\system32\IE6X.exe 1128 "C:\Windows\SysWOW64\IE6X.exe"
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:976
        
        C:\Windows\SysWOW64\IE6X.exe
        
        C:\Windows\system32\IE6X.exe 1132 "C:\Windows\SysWOW64\IE6X.exe"
        7⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1344
        
        C:\Windows\SysWOW64\IE6X.exe
        
        C:\Windows\system32\IE6X.exe 1112 "C:\Windows\SysWOW64\IE6X.exe"
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2164
        
        C:\Windows\SysWOW64\IE6X.exe
        
        C:\Windows\system32\IE6X.exe 1100 "C:\Windows\SysWOW64\IE6X.exe"
        9⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:400
        
        C:\Windows\SysWOW64\IE6X.exe
        
        C:\Windows\system32\IE6X.exe 1144 "C:\Windows\SysWOW64\IE6X.exe"
        10⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4288
        
        C:\Windows\SysWOW64\IE6X.exe
        
        C:\Windows\system32\IE6X.exe 1160 "C:\Windows\SysWOW64\IE6X.exe"
        11⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\IE6X.exe

Filesize
192KB

MD5
02928764dae7de4d74780d99ba996409

SHA1
5238701910436aa60cbfc5c56461b21b61bcb137

SHA256
1ef7a11839c01f755ecf77bba657134fc725a0bfb5f597b70ccdd5cc7820d725

SHA512
d15907bc4ae817b143e88a128dd29ba9089fc35bdda6f36a41b29ab6d03a6fe04f1b942670853d80f6090460322b22c2ce827299a68577e5b52dde2238a42490

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads