16cf16d7081107e4e2b55ffa4fa8d279b435466519f36aaf33fdfe203226eb6f

Analysis

max time kernel
161s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

408861626b80bbcafa2928327334785e.exe
Size

392KB
MD5

408861626b80bbcafa2928327334785e
SHA1

98dad5249f31addb4c6e370c801f59623bb749ca
SHA256

16cf16d7081107e4e2b55ffa4fa8d279b435466519f36aaf33fdfe203226eb6f
SHA512

496d92a3ca93d60d26ed3e4d56bd89709884d6a7ef859b45c77472dad172fe92ece6894f7293cea7dcda827ca4310b283bdec748fec160799a06b326de499444
SSDEEP

6144:1Rgym92YGB+40vPLGPACNQjwhAAdziJOP4XkFN+G5ply43vNRNByTb7NF31NhB:H6fu+40vPy/JzoDUpL3vNRM91X

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1080	winvnc.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 1080	1328	408861626b80bbcafa2928327334785e.exe	91
PID 1328 wrote to memory of 1080	1328	408861626b80bbcafa2928327334785e.exe	91
PID 1328 wrote to memory of 1080	1328	408861626b80bbcafa2928327334785e.exe	91

C:\Users\Admin\AppData\Local\Temp\408861626b80bbcafa2928327334785e.exe
"C:\Users\Admin\AppData\Local\Temp\408861626b80bbcafa2928327334785e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Users\Admin\AppData\Local\Temp\7zS2863.tmp\winvnc.exe
  .\winvnc.exe
  2⤵
  - Executes dropped EXE
  PID:1080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS2863.tmp\background.bmp

Filesize
1KB

MD5
6ce6e5fcf1a56b80f4ffa6f685d4329d

SHA1
91780868c241e83754003855407805c0cda20254

SHA256
6fcc92e281d25569d300297ef79a5796bc5e0c226aa35624dd6a9f38b8413402

SHA512
7af21c8840f56c5ded22161504dd3d6c282ad83a0fb1f711fccfc7d87676de3036120e60e2c0e57fb998a0dcfe512950d3f16e0bdcb493d37a681f31b8cb399f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS2863.tmp\helpdesk.txt

Filesize
1KB

MD5
68591666d18e91f46b147fbcf71408e1

SHA1
b4755f8c2c1c043979c953b8d1778565bfab06d2

SHA256
b89639dba499cc8a3e80f512a23f760f78123f1935360e9d15ea883035f5490c

SHA512
2a76f3de2570ff415d47bdd8ddcbdae8fdbf6607070f08b534a99b08b0a6ea2b02f819c59c270ad7bbe051163c731614f9fcc1a84195c2934defab6c3269767b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS2863.tmp\logo.bmp

Filesize
103KB

MD5
c82f3545906027613f086183a43abeaf

SHA1
a666b1c5e58ab5f4daeaf379670583e1c5f73a40

SHA256
ef31a35552671f50f2ba4f7078a1da9f5ca871c52c1f0fd82de011946f47d208

SHA512
6e46663d0870a6d2d82e12b0ba4b403061f1c2d6746c9c3621c7eed86f8472358a041e86150fe3c8e44b41b5bbcaef73f2174971f9c41b615d0bf2e9d2e305de

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS2863.tmp\winvnc.exe

Filesize
251KB

MD5
40a21759f5ad164f5c58e3c4c1a30ede

SHA1
287b840f6bd10a05922d9ded005eda53128efe12

SHA256
5ffb6b4b753e5915516c03f91e6cd09dcfdc87004ce3ecdd2e3e8d51bc0bea72

SHA512
19a1052731f8780dac7855454d38685a0e11a898c98c0138c8dcad722f34f9e50f34bbcad5915bf62886942934795d5907e2be081ce84639d415f14aa368db28

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads