Analysis
max time kernel: 184s
max time network: 200s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/12/2023, 02:49
Static task: static1
Behavioral task: behavioral1
  Sample: 4dd2f1800372452bc9973c3dbed83347.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 4dd2f1800372452bc9973c3dbed83347.exe
  Resource: win10v2004-20231215-en
General
Target: 4dd2f1800372452bc9973c3dbed83347.exe
Size: 316KB
MD5: 4dd2f1800372452bc9973c3dbed83347
SHA1: 5c77d4b8c107868a19ff6ff1e09a14bdd5eb82ad
SHA256: f0140f1713e30ad2e5beeefa3673603b296ed30b2516417d12ba14f6451fb485
SHA512: 07d3d7b7dc327f04bebfae723e28448aa910b0efdf095a9e69ec7295c4cf6a7bb3908678e244269dd9d2fd6af7f04557c9599a40929379e1334fb14a1b408ca5
SSDEEP: 6144:PC1Y5VPl68BT82twU/ef08wBAS5E5gbHhq6b/CekviC2V8E:FZxBSU/RBXiqHhdkqF8
Malware Config
Signatures

Executes dropped EXE (4 IoCs)
pid  | Process
448  | iexplorer.exe
4364 | iexplorer.exe
60   | iexplorer.exe
1848 | iexplorer.exe

Drops file in System32 directory (6 IoCs)
description                  | ioc                               | Process
File created                 | C:\Windows\SysWOW64\iexplorer.exe | iexplorer.exe
File created                 | C:\Windows\SysWOW64\iexplorer.exe | iexplorer.exe
File created                 | C:\Windows\SysWOW64\iexplorer.exe | iexplorer.exe
File created                 | C:\Windows\SysWOW64\iexplorer.exe | 4dd2f1800372452bc9973c3dbed83347.exe
File opened for modification | C:\Windows\SysWOW64\iexplorer.exe | 4dd2f1800372452bc9973c3dbed83347.exe
File created                 | C:\Windows\SysWOW64\iexplorer.exe | iexplorer.exe

Suspicious behavior: EnumeratesProcesses (60 IoCs; each pid/Process pair is reported 12 times)
pid  | Process                              | occurrences
4872 | 4dd2f1800372452bc9973c3dbed83347.exe | 12
448  | iexplorer.exe                        | 12
4364 | iexplorer.exe                        | 12
60   | iexplorer.exe                        | 12
1848 | iexplorer.exe                        | 12

Suspicious use of WriteProcessMemory (12 IoCs)
description                      | pid  | Process                              | procid_target
PID 4872 wrote to memory of 448  | 4872 | 4dd2f1800372452bc9973c3dbed83347.exe | 91
PID 4872 wrote to memory of 448  | 4872 | 4dd2f1800372452bc9973c3dbed83347.exe | 91
PID 4872 wrote to memory of 448  | 4872 | 4dd2f1800372452bc9973c3dbed83347.exe | 91
PID 448 wrote to memory of 4364  | 448  | iexplorer.exe                        | 93
PID 448 wrote to memory of 4364  | 448  | iexplorer.exe                        | 93
PID 448 wrote to memory of 4364  | 448  | iexplorer.exe                        | 93
PID 4364 wrote to memory of 60   | 4364 | iexplorer.exe                        | 100
PID 4364 wrote to memory of 60   | 4364 | iexplorer.exe                        | 100
PID 4364 wrote to memory of 60   | 4364 | iexplorer.exe                        | 100
PID 60 wrote to memory of 1848   | 60   | iexplorer.exe                        | 103
PID 60 wrote to memory of 1848   | 60   | iexplorer.exe                        | 103
PID 60 wrote to memory of 1848   | 60   | iexplorer.exe                        | 103
Processes (process tree; indentation shows parent/child relationship)
- C:\Users\Admin\AppData\Local\Temp\4dd2f1800372452bc9973c3dbed83347.exe (PID 4872)
  Command line: "C:\Users\Admin\AppData\Local\Temp\4dd2f1800372452bc9973c3dbed83347.exe"
  Signatures: Drops file in System32 directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\iexplorer.exe (PID 448)
    Command line: C:\Windows\system32\iexplorer.exe -bai C:\Users\Admin\AppData\Local\Temp\4dd2f1800372452bc9973c3dbed83347.exe
    Signatures: Executes dropped EXE; Drops file in System32 directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\iexplorer.exe (PID 4364)
      Command line: C:\Windows\system32\iexplorer.exe -bai C:\Windows\SysWOW64\iexplorer.exe
      Signatures: Executes dropped EXE; Drops file in System32 directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
      - C:\Windows\SysWOW64\iexplorer.exe (PID 60)
        Command line: C:\Windows\system32\iexplorer.exe -bai C:\Windows\SysWOW64\iexplorer.exe
        Signatures: Executes dropped EXE; Drops file in System32 directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
        - C:\Windows\SysWOW64\iexplorer.exe (PID 1848)
          Command line: C:\Windows\system32\iexplorer.exe -bai C:\Windows\SysWOW64\iexplorer.exe
          Signatures: Executes dropped EXE; Drops file in System32 directory; Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 316KB
MD5: 4dd2f1800372452bc9973c3dbed83347
SHA1: 5c77d4b8c107868a19ff6ff1e09a14bdd5eb82ad
SHA256: f0140f1713e30ad2e5beeefa3673603b296ed30b2516417d12ba14f6451fb485
SHA512: 07d3d7b7dc327f04bebfae723e28448aa910b0efdf095a9e69ec7295c4cf6a7bb3908678e244269dd9d2fd6af7f04557c9599a40929379e1334fb14a1b408ca5