fc9368bc55b74edf670baaf1fd0ccbb1eb5ab0352f88b8a6bef6ee9dd318f503

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f55ddcba102869b4acd2c6790708cf6.exe
Size

4.2MB
MD5

0f55ddcba102869b4acd2c6790708cf6
SHA1

66918d2e84f8c008e99347b92c2a954632ee66c4
SHA256

fc9368bc55b74edf670baaf1fd0ccbb1eb5ab0352f88b8a6bef6ee9dd318f503
SHA512

5e794ada82810207e7cd1a1316f2a5be2d6311b31801d7726a636996f54a9b1d7019d6694be743aa388df4ffab5273a14b269957dddeddff120418f24a0441ed
SSDEEP

98304:6jLx5EXfWvtHarzK7UK2n4SYBOmjbW01bpldeosbEyW:CLxKXfWvNaPG2ZCOgbW0Fp/e/AyW

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2472	0f55ddcba102869b4acd2c6790708cf6.tmp

Loads dropped DLL 2 IoCs

pid	Process
2508	0f55ddcba102869b4acd2c6790708cf6.exe
2472	0f55ddcba102869b4acd2c6790708cf6.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2472	2508	0f55ddcba102869b4acd2c6790708cf6.exe	28
PID 2508 wrote to memory of 2472	2508	0f55ddcba102869b4acd2c6790708cf6.exe	28
PID 2508 wrote to memory of 2472	2508	0f55ddcba102869b4acd2c6790708cf6.exe	28
PID 2508 wrote to memory of 2472	2508	0f55ddcba102869b4acd2c6790708cf6.exe	28
PID 2508 wrote to memory of 2472	2508	0f55ddcba102869b4acd2c6790708cf6.exe	28
PID 2508 wrote to memory of 2472	2508	0f55ddcba102869b4acd2c6790708cf6.exe	28
PID 2508 wrote to memory of 2472	2508	0f55ddcba102869b4acd2c6790708cf6.exe	28

C:\Users\Admin\AppData\Local\Temp\0f55ddcba102869b4acd2c6790708cf6.exe
"C:\Users\Admin\AppData\Local\Temp\0f55ddcba102869b4acd2c6790708cf6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Users\Admin\AppData\Local\Temp\is-O0H3S.tmp\0f55ddcba102869b4acd2c6790708cf6.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-O0H3S.tmp\0f55ddcba102869b4acd2c6790708cf6.tmp" /SL5="$30150,3890581,119808,C:\Users\Admin\AppData\Local\Temp\0f55ddcba102869b4acd2c6790708cf6.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\is-61J02.tmp\itdownload.dll

Filesize
200KB

MD5
d82a429efd885ca0f324dd92afb6b7b8

SHA1
86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea

SHA256
b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3

SHA512
5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df

Download Submit
\Users\Admin\AppData\Local\Temp\is-O0H3S.tmp\0f55ddcba102869b4acd2c6790708cf6.tmp

Filesize
1.1MB

MD5
d5d303dbabe599c5b4c9b96571d1b599

SHA1
265641e6144297bfe761ca3b332349e0d0b7a5b5

SHA256
e277bc4cc95eec3a3b1341270f62c12adcf2c6ed666f59f611219e4193d1fe44

SHA512
de44eac295721c07c789a1c5862e1522a0c0a73d0a0e6d016de60672fab447e7eae5b7b5ad9ae2be2cadf1d9559cdadc6bd2367a195172305085ab1bc2c683be

Download Submit
memory/2472-17-0x0000000002E40000-0x0000000002E7C000-memory.dmp

Filesize
240KB

Download
memory/2472-18-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2472-10-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/2472-7-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2472-13-0x0000000002E40000-0x0000000002E7C000-memory.dmp

Filesize
240KB

Download
memory/2472-16-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/2472-51-0x0000000002E40000-0x0000000002E7C000-memory.dmp

Filesize
240KB

Download
memory/2472-48-0x0000000002E40000-0x0000000002E7C000-memory.dmp

Filesize
240KB

Download
memory/2472-24-0x0000000002E40000-0x0000000002E7C000-memory.dmp

Filesize
240KB

Download
memory/2472-36-0x0000000002E40000-0x0000000002E7C000-memory.dmp

Filesize
240KB

Download
memory/2472-39-0x0000000002E40000-0x0000000002E7C000-memory.dmp

Filesize
240KB

Download
memory/2472-45-0x0000000002E40000-0x0000000002E7C000-memory.dmp

Filesize
240KB

Download
memory/2508-9-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2508-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads