f8d9858d0372c1c4a3dbdb9f2355455ea76b82e11a79dc17bafc9064380222ce

Analysis

max time kernel
141s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

332640b67b5d49152f53caa9706afa0a.exe
Size

2.5MB
MD5

332640b67b5d49152f53caa9706afa0a
SHA1

de2eac0a3516beab34cffcdf4bf9826dc1b0b7d5
SHA256

f8d9858d0372c1c4a3dbdb9f2355455ea76b82e11a79dc17bafc9064380222ce
SHA512

c3449941f42ba39798ab4e0027ce578a916748fad53136f9f9961111ab23b1f3ccec5481aceea9a09ae0b5d9113f6ef4a9aafdd210eb6f491f0b185ded1813f2
SSDEEP

49152:5apBkFuWRn3t4HUgvfLqFgKxCU7LQWVbr+ql/DgmEuNbgz6UHY5IvVinXBgJ:QpBkF1B9EUgvfLLU7tZj/DgmEuVQ6UHt

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1964	332640b67b5d49152f53caa9706afa0a.tmp

Loads dropped DLL 1 IoCs

pid	Process
1964	332640b67b5d49152f53caa9706afa0a.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 1964	4808	332640b67b5d49152f53caa9706afa0a.exe	19
PID 4808 wrote to memory of 1964	4808	332640b67b5d49152f53caa9706afa0a.exe	19
PID 4808 wrote to memory of 1964	4808	332640b67b5d49152f53caa9706afa0a.exe	19

C:\Users\Admin\AppData\Local\Temp\332640b67b5d49152f53caa9706afa0a.exe
"C:\Users\Admin\AppData\Local\Temp\332640b67b5d49152f53caa9706afa0a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Users\Admin\AppData\Local\Temp\is-N3K03.tmp\332640b67b5d49152f53caa9706afa0a.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-N3K03.tmp\332640b67b5d49152f53caa9706afa0a.tmp" /SL5="$6022E,2331158,54272,C:\Users\Admin\AppData\Local\Temp\332640b67b5d49152f53caa9706afa0a.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-2UKB3.tmp\Games.inf

Filesize
180B

MD5
de0497dbc19b6c90952a809b4de366e1

SHA1
eaa6ed8296fe0afcfcac725b030b5fb531dc85b4

SHA256
51a8a33b7e9ec70ad04db1fbad825d920a7f8cab79ee93a06ceecb78accb2e0b

SHA512
59d4d4db9a0726c156035af6f66cd43d2d91e482c77dddc4dd28b1b09eb0085f0d915984e47aec5e225e8106e6480db69205e7aaf03d77419eda4639c0ee9b01

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2UKB3.tmp\isxdl.dll

Filesize
49KB

MD5
02ecc74f7f91e9ffd84de708683236a6

SHA1
3532de0b77df8b0fc89e9c7eddec3fa71f98f5a2

SHA256
30ad8a0e1cee091ca48c771adb2e76baf1a7d54b9f60dc47f54dfdc2d6f6691e

SHA512
a3fdaa651f82428395bc412a2a04fce673768d3ef088b3748addf337d95464eb141ae7c286bff5c705eae05dd7b38207629588ae7e89ada15269463cd7acf541

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N3K03.tmp\332640b67b5d49152f53caa9706afa0a.tmp

Filesize
31KB

MD5
2c5f7d4e6bf94e68fc64cb28d0053bb3

SHA1
c8c5fc816f55ecab448da338c305d76dc6aa4f98

SHA256
ae88919c122a82c222b10e55e50abef8016448b19e9104a2161ec98ffdf1b1be

SHA512
eea32a5860fb36099c68ac57b538b228d08110b74b097a65c900f892136f389e5a61e4a312d0ce9e40788c5f719c0df8a5bf9a79742dbe34c8f9f2ab0939c054

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N3K03.tmp\332640b67b5d49152f53caa9706afa0a.tmp

Filesize
25KB

MD5
b79c89e856b0283f0e10cac670682ff8

SHA1
befb036ffb56cfd7dcc4eab7412235f3f453c5e0

SHA256
653e2e525079da5600de4955c90a11771bf4b73277b35e507c51b558562eda5b

SHA512
0b912c6535df259fac03c69953d9fbc7b92b7759319c2b803690780d1672481de78ffb6cacf8c6b938a2ac5dd3391a62065f0e33fe5e5ba8cec8b7126ec9dee2

Download Submit
memory/1964-7-0x0000000002100000-0x0000000002101000-memory.dmp

Filesize
4KB

Download
memory/1964-37-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1964-40-0x0000000002100000-0x0000000002101000-memory.dmp

Filesize
4KB

Download
memory/4808-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4808-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4808-36-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads