8d7471f66c3d67a3baa4af0b46486a4b41dc09f622bb93c179a8fb0ae853446e

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 08:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11a2bb7682b29931ba28923f4b1ade78.exe
Size

385KB
MD5

11a2bb7682b29931ba28923f4b1ade78
SHA1

121bbac766fa309488f52cd9736539d209494982
SHA256

8d7471f66c3d67a3baa4af0b46486a4b41dc09f622bb93c179a8fb0ae853446e
SHA512

11006003b71ae01ac1a0bf662b180a1463b051f5fdaa15076275468b89531dea31fbcecb5a508c468c2561b6305b879b5a4c6458f775595d1fd0a6bfb58bb334
SSDEEP

12288:YQiGmCL8+iDNdRI+MBTlPadSfXioRcpMXVJof:YQizi8DdFMBTlP0QjcpMXVJof

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4108	11a2bb7682b29931ba28923f4b1ade78.tmp

Loads dropped DLL 2 IoCs

pid	Process
4108	11a2bb7682b29931ba28923f4b1ade78.tmp
4108	11a2bb7682b29931ba28923f4b1ade78.tmp

Script User-Agent 8 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	48	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	50	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	52	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	56	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	4	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	6	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	19	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	40	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 4108	1480	11a2bb7682b29931ba28923f4b1ade78.exe	89
PID 1480 wrote to memory of 4108	1480	11a2bb7682b29931ba28923f4b1ade78.exe	89
PID 1480 wrote to memory of 4108	1480	11a2bb7682b29931ba28923f4b1ade78.exe	89

C:\Users\Admin\AppData\Local\Temp\11a2bb7682b29931ba28923f4b1ade78.exe
"C:\Users\Admin\AppData\Local\Temp\11a2bb7682b29931ba28923f4b1ade78.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Users\Admin\AppData\Local\Temp\is-83F4P.tmp\11a2bb7682b29931ba28923f4b1ade78.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-83F4P.tmp\11a2bb7682b29931ba28923f4b1ade78.tmp" /SL5="$501CA,138429,56832,C:\Users\Admin\AppData\Local\Temp\11a2bb7682b29931ba28923f4b1ade78.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-5OBK7.tmp\itdownload.dll

Filesize
93KB

MD5
f84dcf5a1434787b09c50482f0e07cda

SHA1
95a33e7ca0e0b08952fe92ed2a3f97e1b0882b32

SHA256
fe2db91bc6fb0c63c3fe5d635e05a17431825a28810262a65af8234595433da3

SHA512
398af3b69b6f822267088ecad501552184baf5f872e6aaef142dc20a4c9045bcc59521014e3ba7e80731aec43fa2c769251de41c50911af1dd83ddfcc458ef14

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5OBK7.tmp\itdownload.dll

Filesize
200KB

MD5
d82a429efd885ca0f324dd92afb6b7b8

SHA1
86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea

SHA256
b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3

SHA512
5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-83F4P.tmp\11a2bb7682b29931ba28923f4b1ade78.tmp

Filesize
691KB

MD5
9303156631ee2436db23827e27337be4

SHA1
018e0d5b6ccf7000e36af30cebeb8adc5667e5fa

SHA256
bae22f27c12bce1faeb64b6eb733302aff5867baa8eed832397a7ce284a86ff4

SHA512
9fe100fafb1c74728109667b5a2261a31e49c45723de748adaa1d9cb9f8daa389b871056c70066fa3a05be82a5017c8dd590ae149a56d824a9e250d31091a40f

Download Submit
memory/1480-19-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1480-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1480-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1480-24-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4108-7-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/4108-20-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/4108-21-0x0000000003A80000-0x0000000003ABC000-memory.dmp

Filesize
240KB

Download
memory/4108-22-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/4108-23-0x0000000003A80000-0x0000000003ABC000-memory.dmp

Filesize
240KB

Download
memory/4108-16-0x0000000003A80000-0x0000000003ABC000-memory.dmp

Filesize
240KB

Download