d14959bcb9bc49ab22a85b674038a563e1cf160b13dca14996853a16bfc8c111

Analysis

max time kernel
143s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 16:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c931458339dbe604995958b99053308.exe
Size

4.9MB
MD5

2c931458339dbe604995958b99053308
SHA1

e995058bcdc037a71f32db3256ab4abf82640a22
SHA256

d14959bcb9bc49ab22a85b674038a563e1cf160b13dca14996853a16bfc8c111
SHA512

af7d477d333032fffee4364ef1c15f23306466f81ebefb736a358caeaa1e72e121789b4766f7a074114be474dfa008ad05c5404052c28763f8c765a98971d43c
SSDEEP

98304:Ev0v17FWeu7WM2R0bJAHJ8dP3EXi/rHDWQMRt7qN0CGBPXUaE/bEyP:A0d7FWeuyMLJ3ESjjd2yCq/AyP

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
3180	2c931458339dbe604995958b99053308.tmp

Loads dropped DLL 2 IoCs

pid	Process
3180	2c931458339dbe604995958b99053308.tmp
3180	2c931458339dbe604995958b99053308.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	100	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4080 wrote to memory of 3180	4080	2c931458339dbe604995958b99053308.exe	90
PID 4080 wrote to memory of 3180	4080	2c931458339dbe604995958b99053308.exe	90
PID 4080 wrote to memory of 3180	4080	2c931458339dbe604995958b99053308.exe	90

C:\Users\Admin\AppData\Local\Temp\2c931458339dbe604995958b99053308.exe
"C:\Users\Admin\AppData\Local\Temp\2c931458339dbe604995958b99053308.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4080
- C:\Users\Admin\AppData\Local\Temp\is-O2C2H.tmp\2c931458339dbe604995958b99053308.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-O2C2H.tmp\2c931458339dbe604995958b99053308.tmp" /SL5="$11003E,4568266,119808,C:\Users\Admin\AppData\Local\Temp\2c931458339dbe604995958b99053308.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-HFK6E.tmp\itdownload.dll

Filesize
200KB

MD5
d82a429efd885ca0f324dd92afb6b7b8

SHA1
86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea

SHA256
b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3

SHA512
5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-O2C2H.tmp\2c931458339dbe604995958b99053308.tmp

Filesize
1.1MB

MD5
d5d303dbabe599c5b4c9b96571d1b599

SHA1
265641e6144297bfe761ca3b332349e0d0b7a5b5

SHA256
e277bc4cc95eec3a3b1341270f62c12adcf2c6ed666f59f611219e4193d1fe44

SHA512
de44eac295721c07c789a1c5862e1522a0c0a73d0a0e6d016de60672fab447e7eae5b7b5ad9ae2be2cadf1d9559cdadc6bd2367a195172305085ab1bc2c683be

Download Submit
memory/3180-22-0x0000000003350000-0x000000000338C000-memory.dmp

Filesize
240KB

Download
memory/3180-25-0x0000000003350000-0x000000000338C000-memory.dmp

Filesize
240KB

Download
memory/3180-10-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/3180-6-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/3180-14-0x0000000003350000-0x000000000338C000-memory.dmp

Filesize
240KB

Download
memory/3180-17-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/3180-18-0x0000000003350000-0x000000000338C000-memory.dmp

Filesize
240KB

Download
memory/3180-19-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/3180-54-0x0000000003350000-0x000000000338C000-memory.dmp

Filesize
240KB

Download
memory/3180-53-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/3180-28-0x0000000003350000-0x000000000338C000-memory.dmp

Filesize
240KB

Download
memory/3180-31-0x0000000003350000-0x000000000338C000-memory.dmp

Filesize
240KB

Download
memory/3180-37-0x0000000003350000-0x000000000338C000-memory.dmp

Filesize
240KB

Download
memory/3180-40-0x0000000003350000-0x000000000338C000-memory.dmp

Filesize
240KB

Download
memory/3180-43-0x0000000003350000-0x000000000338C000-memory.dmp

Filesize
240KB

Download
memory/3180-46-0x0000000003350000-0x000000000338C000-memory.dmp

Filesize
240KB

Download
memory/4080-9-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4080-1-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download