6a009d528403268211b71fb8a6001a000684cddc71a18e7ee7f19b17fc3aa1e0

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 20:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0fda75b957e40a461c012ef0127a2af5.exe
Size

2.6MB
MD5

0fda75b957e40a461c012ef0127a2af5
SHA1

fabc3035e96c20718f7171942b6dcfe451f53251
SHA256

6a009d528403268211b71fb8a6001a000684cddc71a18e7ee7f19b17fc3aa1e0
SHA512

2c4c6113b8b56fe5211a8c822507cbe73dec0667fed6906d930b75de66ebe8d3970935bbdd864ec082deb7ed5cfb159d184553de0f6ccbbf618ecdd30cdc56dc
SSDEEP

49152:nagBQHFy2U1F5NfB0v04wgiUzCdXTJ0PqGAVVM6BrSV5G:ag2HA2Ez0v04riU8XTOCc6BmHG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4944	0fda75b957e40a461c012ef0127a2af5.tmp

Loads dropped DLL 2 IoCs

pid	Process
4944	0fda75b957e40a461c012ef0127a2af5.tmp
4944	0fda75b957e40a461c012ef0127a2af5.tmp

Script User-Agent 2 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	14	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	25	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 4944	5044	0fda75b957e40a461c012ef0127a2af5.exe	89
PID 5044 wrote to memory of 4944	5044	0fda75b957e40a461c012ef0127a2af5.exe	89
PID 5044 wrote to memory of 4944	5044	0fda75b957e40a461c012ef0127a2af5.exe	89

C:\Users\Admin\AppData\Local\Temp\0fda75b957e40a461c012ef0127a2af5.exe
"C:\Users\Admin\AppData\Local\Temp\0fda75b957e40a461c012ef0127a2af5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Users\Admin\AppData\Local\Temp\is-OE796.tmp\0fda75b957e40a461c012ef0127a2af5.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-OE796.tmp\0fda75b957e40a461c012ef0127a2af5.tmp" /SL5="$B0208,2450495,54272,C:\Users\Admin\AppData\Local\Temp\0fda75b957e40a461c012ef0127a2af5.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-K73G5.tmp\itdownload.dll

Filesize
200KB

MD5
d82a429efd885ca0f324dd92afb6b7b8

SHA1
86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea

SHA256
b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3

SHA512
5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-K73G5.tmp\itdownload.dll

Filesize
64KB

MD5
6af3aa53cdfec59183502b1701bea7eb

SHA1
61cfe52a7be211cbce0749d7d7aa331acc71ad27

SHA256
9947a91e339331304e1ce3c15e3644f68cdc7dd0c4c841a0e2bbd5fa45a498f7

SHA512
461197b762f51f9b8dceda19617106e0b893c24058e54b8215841790ea716f974d68266367747f8a1a3426382ce6be348c8be960f081726e06b15290797a5fd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OE796.tmp\0fda75b957e40a461c012ef0127a2af5.tmp

Filesize
688KB

MD5
67c5a4f36e1c91a3b85e440edd7ad026

SHA1
e49ea0e558ed682498cc61b3070e4c402fbf0912

SHA256
99c299d6565ab53d9af66e0146737dc0ecfbc52ecf4740825b552db0cc4210c6

SHA512
40522d4645ece0db9888ea40d1a11356aa5efc191184a0b97cb54a6c243532b1fc306e9095bbfa1f5dc02c8e52b709650230d1383532136e56caea3dc19a973e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OE796.tmp\0fda75b957e40a461c012ef0127a2af5.tmp

Filesize
601KB

MD5
a3d9994840e9b80375bd64ddde6cc301

SHA1
dc55eeb5a204c8e232be2421b222c9952af7e064

SHA256
b3b81e02dfb7f434fcd07bf970a9845abac2a04bf34579346e19607124d76a31

SHA512
a1829a632a38003b1eaab3c70d3d05cd4d12c1ccf25da534f23033f2ee2232b143723cb5965ed1dd351af1e637721171319405efb38ac550a86e29f3333a8920

Download Submit
memory/4944-10-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/4944-17-0x00000000024A0000-0x00000000024DC000-memory.dmp

Filesize
240KB

Download
memory/4944-27-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/4944-28-0x00000000024A0000-0x00000000024DC000-memory.dmp

Filesize
240KB

Download
memory/4944-32-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/5044-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5044-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5044-26-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download