5e290071583029556781cb28805791e1fa7d90a38f798dbd8bac76abc2f49c68

Analysis

max time kernel
149s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 03:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

twII13+10trfixed.exe
Size

1.1MB
MD5

bda4adccd90739bd8487ecd76e2f51e0
SHA1

b99d34f8b5891e1bd0816cb24c24e75c4eb38cce
SHA256

74fb230efaa38170b4fe28b7bff4fce92921a8b85e0a2d46ae462b47107fba55
SHA512

9de6772555e39bf971ac8e7f90b55fbabe251dbcc1ae409eca30ae9f12b59ab838ce8c3a777a57311438c9fbd923a507e73b7cc0b30cb74fbfb01e32a7486933
SSDEEP

24576:caVNKByc58gxlWhYYBdU/D5HkieQ3wdp/v2KSgS0GCA/3To4WJ6N6Z:cavExWFHiGielDv2DgS0GxboR6c

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe
4008	twII13+10trfixed.exe

C:\Users\Admin\AppData\Local\Temp\twII13+10trfixed.exe
"C:\Users\Admin\AppData\Local\Temp\twII13+10trfixed.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4008-0-0x0000000000400000-0x000000000074FA38-memory.dmp

Filesize
3.3MB

Download
memory/4008-1-0x0000000000400000-0x000000000074FA38-memory.dmp

Filesize
3.3MB

Download
memory/4008-5-0x00000000027D0000-0x00000000027D3000-memory.dmp

Filesize
12KB

Download
memory/4008-9-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/4008-11-0x0000000000400000-0x000000000074FA38-memory.dmp

Filesize
3.3MB

Download
memory/4008-10-0x0000000000400000-0x000000000074FA38-memory.dmp

Filesize
3.3MB

Download
memory/4008-8-0x000000007FE40000-0x000000007FE41000-memory.dmp

Filesize
4KB

Download
memory/4008-7-0x00000000026D0000-0x000000000271B000-memory.dmp

Filesize
300KB

Download
memory/4008-6-0x00000000027C0000-0x00000000027C7000-memory.dmp

Filesize
28KB

Download
memory/4008-4-0x0000000000400000-0x000000000074FA38-memory.dmp

Filesize
3.3MB

Download
memory/4008-3-0x0000000000400000-0x000000000074FA38-memory.dmp

Filesize
3.3MB

Download
memory/4008-2-0x0000000000400000-0x000000000074FA38-memory.dmp

Filesize
3.3MB

Download
memory/4008-13-0x0000000002740000-0x000000000274E000-memory.dmp

Filesize
56KB

Download
memory/4008-14-0x0000000000400000-0x000000000074FA38-memory.dmp

Filesize
3.3MB

Download
memory/4008-12-0x0000000000400000-0x000000000074FA38-memory.dmp

Filesize
3.3MB

Download
memory/4008-15-0x0000000000400000-0x000000000074FA38-memory.dmp

Filesize
3.3MB

Download
memory/4008-17-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/4008-18-0x0000000000400000-0x000000000074FA38-memory.dmp

Filesize
3.3MB

Download
memory/4008-20-0x0000000000400000-0x000000000074FA38-memory.dmp

Filesize
3.3MB

Download
memory/4008-24-0x0000000000400000-0x000000000074FA38-memory.dmp

Filesize
3.3MB

Download
memory/4008-26-0x0000000000400000-0x000000000074FA38-memory.dmp

Filesize
3.3MB

Download
memory/4008-30-0x0000000000400000-0x000000000074FA38-memory.dmp

Filesize
3.3MB

Download
memory/4008-32-0x0000000000400000-0x000000000074FA38-memory.dmp

Filesize
3.3MB

Download
memory/4008-34-0x0000000000400000-0x000000000074FA38-memory.dmp

Filesize
3.3MB

Download
memory/4008-36-0x0000000000400000-0x000000000074FA38-memory.dmp

Filesize
3.3MB

Download
memory/4008-38-0x0000000000400000-0x000000000074FA38-memory.dmp

Filesize
3.3MB

Download
memory/4008-40-0x0000000000400000-0x000000000074FA38-memory.dmp

Filesize
3.3MB

Download