cf7e21593c7590ad7408324ae354bad7d1a2f04185fd6bdb2826ee0918b0c859 | Triage

Analysis

max time kernel
198s
max time network
214s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 11:02

Sharing

Report Analysis Logs

General

Target

1948f2e5da55572daacdd5da83e3efd5.exe
Size

873KB
MD5

1948f2e5da55572daacdd5da83e3efd5
SHA1

ea75d3e8ee186aeb673bef47a644b5b6a45bd07a
SHA256

cf7e21593c7590ad7408324ae354bad7d1a2f04185fd6bdb2826ee0918b0c859
SHA512

b00fbfce274e5840c9f696286227ca4ef79792da516a8f71c05e3536e14f62508e982fbf217dabe333fdd536550694aecb12b4dab95a2d4d0adf2bab1c7ccc13
SSDEEP

24576:8aOmTrmKxh/fgALvJhXkZ6nLZmN1VUZm:8aOA66hLLhhXkELZmXiZm

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3716	5C83.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4528 wrote to memory of 3716	4528	1948f2e5da55572daacdd5da83e3efd5.exe	89
PID 4528 wrote to memory of 3716	4528	1948f2e5da55572daacdd5da83e3efd5.exe	89
PID 4528 wrote to memory of 3716	4528	1948f2e5da55572daacdd5da83e3efd5.exe	89

C:\Users\Admin\AppData\Local\Temp\1948f2e5da55572daacdd5da83e3efd5.exe
"C:\Users\Admin\AppData\Local\Temp\1948f2e5da55572daacdd5da83e3efd5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Users\Admin\AppData\Local\Temp\5C83.tmp
  "C:\Users\Admin\AppData\Local\Temp\5C83.tmp"
  2⤵
  - Executes dropped EXE
  PID:3716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5C83.tmp

Filesize
873KB

MD5
2ade68774532da0cc3f1b5ca95112ae3

SHA1
678b094fd6027f9a47eb16d209467297bec9d32b

SHA256
4eed73f88f075939fdc7554270ff1820559eee61a1757c183f965e7cc7811824

SHA512
4d5eb63a9ea2bf7c1b9e36c91541960ce7a658e0d196a975d32216988721526ca2f4ac899d3bf50a2959dd23b43d3e717a2bbcca78b35aeda183157d0e620e9e

Download Submit