Analysis

  • max time kernel
    192s
  • max time network
    212s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-12-2023 15:56

General

  • Target

    2b164e7165afddebc3a795016cef07f1.exe

  • Size

    1.5MB

  • MD5

    2b164e7165afddebc3a795016cef07f1

  • SHA1

    2b450a69aaf208fb2471998bfc85000407d11e2d

  • SHA256

    a0e96247a16699f65bae32b9c5ed7bed1efae83f391988cd31a794ccb575c706

  • SHA512

    d294a5e9460619a6997e1dcfc98e5abfd0941c4bb1e56e781d1b06b4e083ffded365829c31604bdc2620f67b6cb2cd77db0632ec5255512be2689d2f053d8938

  • SSDEEP

    49152:lrq0R07QQmgtdejDiuTuSrhBBtyGOJofSZ:hq0+7P3eH/rKGO2W

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2b164e7165afddebc3a795016cef07f1.exe (PID 1384, tree depth 1)
    "C:\Users\Admin\AppData\Local\Temp\2b164e7165afddebc3a795016cef07f1.exe"
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\6A1F.tmp (PID 2300, tree depth 2, child of PID 1384)
      "C:\Users\Admin\AppData\Local\Temp\6A1F.tmp" --pingC:\Users\Admin\AppData\Local\Temp\2b164e7165afddebc3a795016cef07f1.exe 0388DBEDA6FD18561A57E6A52B90F8690CE5538C00399D3413CEA0DE15C69A54EF490B99FCBF3F607368B941D3B4AC54025111E572C33D43F83A5E8E76A2C3AE
      • Deletes itself
      • Executes dropped EXE
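The process tree shows the chain behind the "Executes dropped EXE" and "Deletes itself" signatures: the sample writes 6A1F.tmp into its own Temp directory, launches it with the sample's own path on the command line, and the helper then deletes the parent image. As an added example, not part of the sandbox report or of any vendor's detection content, the following Python models that chain over constructed Sysmon-style process-create, file-create and file-delete events. The event dicts, their field names, the parent PID 4210 and the benign notepad.exe control process are assumptions for the example; only the paths, PIDs and command line are taken from the report.

```python
"""Detect the dropped-helper self-delete chain seen in the report's process tree.

Added example, not part of the sandbox report. Events are constructed, Sysmon-style
records (ProcessCreate ~ Event ID 1, FileCreate ~ Event ID 11, FileDelete ~ Event ID 23)
modelled on the report's tree; the field names and extra PIDs are assumptions.
"""
import re
from collections import defaultdict

# Helper names like 6A1F.tmp: four hex digits plus .tmp directly under a user's Temp dir.
TMP_HELPER_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\[0-9a-f]{4}\.tmp$", re.IGNORECASE)

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\2b164e7165afddebc3a795016cef07f1.exe"
HELPER = r"C:\Users\Admin\AppData\Local\Temp\6A1F.tmp"

# Constructed events (not real telemetry), mirroring the report's PIDs and paths.
# The report shows "--ping" glued to the path; the check below is substring based,
# so it does not depend on the spacing.
EVENTS = [
    {"event": "ProcessCreate", "pid": 1384, "ppid": 4210, "image": SAMPLE,
     "cmdline": '"' + SAMPLE + '"'},
    {"event": "FileCreate", "pid": 1384, "target": HELPER},
    {"event": "ProcessCreate", "pid": 2300, "ppid": 1384, "image": HELPER,
     "cmdline": '"' + HELPER + '" --ping' + SAMPLE + " "
                "0388DBEDA6FD18561A57E6A52B90F8690CE5538C00399D3413CEA0DE15C69A54"
                "EF490B99FCBF3F607368B941D3B4AC54025111E572C33D43F83A5E8E76A2C3AE"},
    {"event": "FileDelete", "pid": 2300, "target": SAMPLE},
    # Benign control: a normal child that references a document, not its parent's image.
    {"event": "ProcessCreate", "pid": 5100, "ppid": 4210,
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r'notepad.exe C:\Users\Admin\Desktop\notes.txt'},
]


def analyze(events):
    """Return {pid: [rule, ...]} for processes matching parts of the chain.

    Rules:
      executes_dropped_exe   - the image was created earlier by the parent process
      parent_path_in_cmdline - the child received its parent's image path as an argument
      temp_tmp_helper        - the image is a four-hex-digit .tmp in the user's Temp dir
      deletes_parent_image   - the child deleted its parent's image (self-delete by proxy)
    """
    image_of = {}                   # pid -> image path
    parent_of = {}                  # pid -> ppid
    written_by = defaultdict(set)   # pid -> lower-cased paths it created
    findings = defaultdict(list)

    for ev in events:
        kind = ev["event"]
        if kind == "FileCreate":
            written_by[ev["pid"]].add(ev["target"].lower())
        elif kind == "ProcessCreate":
            pid, ppid, image = ev["pid"], ev["ppid"], ev["image"]
            image_of[pid], parent_of[pid] = image, ppid
            if image.lower() in written_by.get(ppid, set()):
                findings[pid].append("executes_dropped_exe")
            parent_image = image_of.get(ppid)
            if parent_image and parent_image.lower() in ev["cmdline"].lower():
                findings[pid].append("parent_path_in_cmdline")
            if TMP_HELPER_RE.match(image):
                findings[pid].append("temp_tmp_helper")
        elif kind == "FileDelete":
            pid = ev["pid"]
            parent_image = image_of.get(parent_of.get(pid))
            if parent_image and ev["target"].lower() == parent_image.lower():
                findings[pid].append("deletes_parent_image")
    return dict(findings)


def is_self_delete_chain(findings, pid):
    """True when a single child carries the three hallmarks of the chain in the report."""
    needed = {"executes_dropped_exe", "parent_path_in_cmdline", "deletes_parent_image"}
    return needed <= set(findings.get(pid, ()))


if __name__ == "__main__":
    result = analyze(EVENTS)
    for pid, rules in result.items():
        print(pid, rules, "CHAIN" if is_self_delete_chain(result, pid) else "")
```

Only PID 2300 fires here; the parent (1384) and the control process (5100) produce no findings, because the rules key on the relationship between a child and the image its parent wrote, not on the Temp path alone. A `temp_tmp_helper` hit by itself is weak (installers use the same naming), so treat the three-rule chain, not the single rule, as the alert condition.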

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Temp\6A1F.tmp

    Filesize

    140KB

    MD5

    0e6bb442441d2a1084604b9bf2f945e4

    SHA1

    cab35982db12b6ae0d8b69ff2b74a175c9e9602b

    SHA256

    881627f4c4e6c95681379df5fd802587c6d8f413d8d6e16ce27c7d59aeff3bbd

    SHA512

    cef179db5c433844fee27ff0b01661589598eb10d641692415bd9983b94982008575a177f46bf554c5c5640e1ab38b2e5e01a2e05e9f045df8e5ccbdf2f571c3

  • C:\Users\Admin\AppData\Local\Temp\6A1F.tmp

    Filesize

    410KB

    MD5

    2ce17c37326f9553d85cdcbb096927e0

    SHA1

    b8318dc87730184a2f29ab5398ada3cb59a31dd5

    SHA256

    bd3f730fd711df628f365dc5d6289207eb219adfac256aceaf0f1b74ec8b5d76

    SHA512

    65375325a44da5282b16be860a095b53ebb8488fc5e89ce3825e9602f87f6528da9bc0fd91c703b1c77f7a4d62044d54a59e35873dcb3860ba8fc196ccc591db

  • memory/1384-0-0x0000000000B60000-0x0000000000D2E000-memory.dmp

    Filesize

    1.8MB

  • memory/1384-1-0x0000000002D70000-0x0000000002DEA000-memory.dmp

    Filesize

    488KB

  • memory/2300-7-0x0000000002EC0000-0x0000000002F3A000-memory.dmp

    Filesize

    488KB

  • memory/2300-8-0x00000000005A0000-0x000000000076E000-memory.dmp

    Filesize

    1.8MB