e45d0fe1f90ef518f80564af3e37e9599b4219452ed827a74ccba7c45cbe80f6

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 05:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0843d40081442b63ba6d8b3e96fc7c6f.exe
Size

278KB
MD5

0843d40081442b63ba6d8b3e96fc7c6f
SHA1

dd581f4859bc22b411535bfcef179018913ec65f
SHA256

e45d0fe1f90ef518f80564af3e37e9599b4219452ed827a74ccba7c45cbe80f6
SHA512

d0259a05e6cd8e948652287e9753ec26fc968d438941ee63afedffcffab3a72110b9d192ff3bb179844170d6609ea0b20dc01e284b818ea55895ef389ae05e0a
SSDEEP

6144:1zW/KFKexXI7tRrKwyjg2ruu6rFxpSDg9SCN6y:ltx4BRrKwyjg+uxYUAy6y

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2380	setup.exe

Loads dropped DLL 1 IoCs

pid	Process
3020	0843d40081442b63ba6d8b3e96fc7c6f.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 2380	3020	0843d40081442b63ba6d8b3e96fc7c6f.exe	15
PID 3020 wrote to memory of 2380	3020	0843d40081442b63ba6d8b3e96fc7c6f.exe	15
PID 3020 wrote to memory of 2380	3020	0843d40081442b63ba6d8b3e96fc7c6f.exe	15
PID 3020 wrote to memory of 2380	3020	0843d40081442b63ba6d8b3e96fc7c6f.exe	15
PID 3020 wrote to memory of 2380	3020	0843d40081442b63ba6d8b3e96fc7c6f.exe	15
PID 3020 wrote to memory of 2380	3020	0843d40081442b63ba6d8b3e96fc7c6f.exe	15
PID 3020 wrote to memory of 2380	3020	0843d40081442b63ba6d8b3e96fc7c6f.exe	15
PID 3020 wrote to memory of 2380	3020	0843d40081442b63ba6d8b3e96fc7c6f.exe	15
PID 3020 wrote to memory of 2380	3020	0843d40081442b63ba6d8b3e96fc7c6f.exe	15

C:\Users\Admin\AppData\Local\Temp\0843d40081442b63ba6d8b3e96fc7c6f.exe
"C:\Users\Admin\AppData\Local\Temp\0843d40081442b63ba6d8b3e96fc7c6f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Users\Admin\AppData\Local\Temp\tsldrl6660\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\tsldrl6660\setup.exe"
  2⤵
  - Executes dropped EXE
  PID:2380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\dif10B3.tmp

Filesize
817B

MD5
e6cf7df780cd0f2f8320e641639a248a

SHA1
3e8628d9a3ea0914578ab6e1da3e47bb684d5eda

SHA256
d1c5e84eeba8b997f04f34533257657af942a8f744f17c55c7b757bbf7beb49e

SHA512
089b1d404afeae264def7ef49c9ee1b2c1c09788e64232fc99ee119b92e82bd5a04894cb0496bc74ac6a90b5b7319eecf22c8aadebd8a8e06bc4262cc33b5b96

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\data.pck

Filesize
219KB

MD5
35c8aecde60d16f6adb66bf2e31a0d5a

SHA1
14cf43c5865412b7d2e683e3fa3cb991beb1e12c

SHA256
5f866d9c252e45faf35fdeda6fae9ba493fcc3b97a6a5062042222a063ef1eaf

SHA512
7ace00a97908be2bef7152a74eb5f3274f8a9a3194b053483827cd3378eafece9fe572f7a9c18b4167dbec0ff25baf0b5828a7d778b7347534af8769631baa3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\index.scr

Filesize
817B

MD5
22da9fdbd2858bafde49497903b8f314

SHA1
6f584eef67b26f13d4735c5c377be1e1d77921de

SHA256
fe97be5d556ba3daf97aeea17b61888640f828b907eba0086c98f11e73f37945

SHA512
ae5ef215a56b0ac3edeeafd39a3e3bd6db5a8430628e4a6a5218826ec6388b07f617c5296b8c9a801183813e9fe8849ebb1513ea966611a512e58968b906c273

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\puzzle.pzl

Filesize
9KB

MD5
517c14edb47c5f2a7320c59f9737cfaa

SHA1
6610e0b3e005553f6b1ac778524fcce2e4f19ec4

SHA256
f45c465875ab6acad019eec5f4008575fc364e88cca5b6442beccab014ba4c78

SHA512
5b64e6e84eb57c66e66ee6f2d3951d377bee82470af7191d668dea2c707b01808ed0b31467628c40077d0352bb559192729858ef8beeb1fcd41387fc1a607593

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\setup.exe

Filesize
52KB

MD5
9cb3451ef6c49617df48ed1b93120b9f

SHA1
55bfe9a421b528e730b92e1a7d7c3534bbc6dfc2

SHA256
2df2076dc5c4fcf5a6705ed03a1fd5bf878d2a3daf2d75d41c9aaf8dceb3971e

SHA512
a901eb01fd13512cdd4448609ad033e8dd4362cee263fdbe2a0e14b4a11b9237c9b3d9b3c63a57010f33aeaca955174b65061c3ba0f7f9eb36a077dd4e31ec4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\setup.exe

Filesize
126KB

MD5
d982537fbe15036db8cb21bf196bf9ab

SHA1
bb928254e210c50d7e347b0ba9d4d77a1e68a18b

SHA256
1d7dafaaaf6f79ff24ac8d95f3d5b6c01d4ebadb7041cbb97171505fd45fde45

SHA512
928f1f13017981a8b0b0ad6e173291854a8e710b6bb65d74e30cadf0fecd9a22940c1dbd64656e7791f714754f041ac73bcc8a8e3688d4a4db4ccbfda3d748da

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\sfiles\lang.ini

Filesize
10KB

MD5
cedfd1c79c51b026a3f87794150a5039

SHA1
d373440a1f2fd8581861d7b7090085c5484b6087

SHA256
ba5ef58a17d91c7f8f39d2da9e841a162c806269e6f2bb4b689a8e9b1d0a9a80

SHA512
f48718440741fbcd80cf5b764c20629f82a527e260cb31297d40cdce22e7c3ceaac69077dc54a87767a7eac2bc826fb8f9743273049d52b0891819a089808ff3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tsldrl6660\sfiles\skin.ini

Filesize
1KB

MD5
393a22419b84a1219194cd6542a23c93

SHA1
f480bbfb8009844782366a3dec2ad23266dc48bc

SHA256
c46fe077a9206c75b2a6068dd6929c09df9bc616adb3caf7f1443a90f0276468

SHA512
beadbda583bf63e31a247ddcea59d7033f6cfd385e6d6bf3fc3884855ddf4b04d05f1d739f36a19319263951605bdfc00a4cc11380d978ffe2b28d4c3d35bee4

Download Submit
\Users\Admin\AppData\Local\Temp\tsldrl6660\setup.exe

Filesize
284KB

MD5
80e0eeb2874c16d977102f0755f4fe55

SHA1
ce451fe52944734e5e5c35ec2a6e53be6af915e1

SHA256
ed5fc0d388976a2120de796eeab1833a1af484071133c9989f4cc8d75427b200

SHA512
828c00bcecf0565c54716e1e617fcec67262eb10958f7e1e12e362687859acdef043b3d1c2205440d029efb3f3e01443aedb81e4fc23f2e73911a98b430d9551

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads