6f92cb4ce70f415be9d475439678c1bf7f94e1eac4ad33fc780c348a96a0b1fb

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 11:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b505b90f332767c8cf8edf301254b47.exe
Size

815KB
MD5

1b505b90f332767c8cf8edf301254b47
SHA1

e838a2c68eb8a5c438264f4f2fc05cb2254bdd90
SHA256

6f92cb4ce70f415be9d475439678c1bf7f94e1eac4ad33fc780c348a96a0b1fb
SHA512

2741e7fc4217b4c9e760121471d538a102915a702f24e8eae56ce396752462b42ddf666082276ca8c893436c63bf8eb56b9b5c45649359974e48a772016b1ff9
SSDEEP

12288:5na9Li+ckSRCuNs21KYk1akbdWgOlZ5t9mx0WLqHm2+tcvS38LCJQBtdGs1rBLsJ:5naRlSUWQJbdWthGSmlkS3rJQBtUkBgJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3844	1b505b90f332767c8cf8edf301254b47.tmp

Loads dropped DLL 3 IoCs

pid	Process
3844	1b505b90f332767c8cf8edf301254b47.tmp
3844	1b505b90f332767c8cf8edf301254b47.tmp
3844	1b505b90f332767c8cf8edf301254b47.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 712 wrote to memory of 3844	712	1b505b90f332767c8cf8edf301254b47.exe	20
PID 712 wrote to memory of 3844	712	1b505b90f332767c8cf8edf301254b47.exe	20
PID 712 wrote to memory of 3844	712	1b505b90f332767c8cf8edf301254b47.exe	20

C:\Users\Admin\AppData\Local\Temp\1b505b90f332767c8cf8edf301254b47.exe
"C:\Users\Admin\AppData\Local\Temp\1b505b90f332767c8cf8edf301254b47.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:712
- C:\Users\Admin\AppData\Local\Temp\is-1QN2T.tmp\1b505b90f332767c8cf8edf301254b47.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-1QN2T.tmp\1b505b90f332767c8cf8edf301254b47.tmp" /SL5="$110066,444788,54272,C:\Users\Admin\AppData\Local\Temp\1b505b90f332767c8cf8edf301254b47.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-1QN2T.tmp\1b505b90f332767c8cf8edf301254b47.tmp

Filesize
688KB

MD5
c765336f0dcf4efdcc2101eed67cd30c

SHA1
fa0279f59738c5aa3b6b20106e109ccd77f895a7

SHA256
c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

SHA512
06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1QN2T.tmp\1b505b90f332767c8cf8edf301254b47.tmp

Filesize
385KB

MD5
ebfc4fd567607780eac71c30df4bb9cf

SHA1
e04dc94d5b362fd4462f66283a7d01d0d7678f7b

SHA256
9b8bbba40e5c60adaefed6cc7c116c7d78386aca5aaf160dc6df1fee1285e4ee

SHA512
3955d4be2b1d4d327d4e5a1e12436388c77a35e3a4eb0dabef523dbc25681bc630f5dae18b4cd88fb468d6327df8dfb07da336ade4094931cad76c6b5d2a2446

Download Submit
memory/712-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/712-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/712-36-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3844-7-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/3844-17-0x0000000003270000-0x00000000032AC000-memory.dmp

Filesize
240KB

Download
memory/3844-38-0x0000000003270000-0x00000000032AC000-memory.dmp

Filesize
240KB

Download
memory/3844-37-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/3844-42-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads