eb05ddd17a15cbaebd6ddc41602c080c28557780d51469b8aebc473bd697cdb6

Analysis

max time kernel
149s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 03:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4efc442790ca39e9fcf4abe557ee303b.exe
Size

197KB
MD5

4efc442790ca39e9fcf4abe557ee303b
SHA1

4527bd07348e71556929e1d571f57e1768a04e7b
SHA256

eb05ddd17a15cbaebd6ddc41602c080c28557780d51469b8aebc473bd697cdb6
SHA512

1e5c00c907dd9adcc70db00fbc6eb32897f75f61ccb07a2dfa1fab28abe5a7a6a5a5e162fe23da8b33a1d9da8c64283df2fb2867db726222784e3501bf8a08cd
SSDEEP

6144:eFk3isfIgr6vyTIarCxYFn/xHXvzVuD/MVKPUpn:eFsiQrLrH/JviEIPin

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4564	4efc442790ca39e9fcf4abe557ee303b.exe
4564	4efc442790ca39e9fcf4abe557ee303b.exe
4564	4efc442790ca39e9fcf4abe557ee303b.exe
4564	4efc442790ca39e9fcf4abe557ee303b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4564 wrote to memory of 3512	4564	4efc442790ca39e9fcf4abe557ee303b.exe	50
PID 4564 wrote to memory of 3512	4564	4efc442790ca39e9fcf4abe557ee303b.exe	50
PID 4564 wrote to memory of 3512	4564	4efc442790ca39e9fcf4abe557ee303b.exe	50
PID 4564 wrote to memory of 3512	4564	4efc442790ca39e9fcf4abe557ee303b.exe	50

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3512
- C:\Users\Admin\AppData\Local\Temp\4efc442790ca39e9fcf4abe557ee303b.exe
  "C:\Users\Admin\AppData\Local\Temp\4efc442790ca39e9fcf4abe557ee303b.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3512-14-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/3512-15-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

Filesize
4KB

Download
memory/4564-8-0x0000000077B13000-0x0000000077B14000-memory.dmp

Filesize
4KB

Download
memory/4564-11-0x0000000077B03000-0x0000000077B04000-memory.dmp

Filesize
4KB

Download
memory/4564-4-0x0000000002460000-0x0000000002470000-memory.dmp

Filesize
64KB

Download
memory/4564-5-0x0000000077B12000-0x0000000077B13000-memory.dmp

Filesize
4KB

Download
memory/4564-6-0x00000000025E0000-0x00000000025F0000-memory.dmp

Filesize
64KB

Download
memory/4564-7-0x0000000076460000-0x0000000076550000-memory.dmp

Filesize
960KB

Download
memory/4564-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4564-9-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4564-10-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4564-3-0x00000000022E0000-0x00000000022F0000-memory.dmp

Filesize
64KB

Download
memory/4564-12-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4564-2-0x0000000002070000-0x00000000020A9000-memory.dmp

Filesize
228KB

Download
memory/4564-1-0x0000000002030000-0x0000000002034000-memory.dmp

Filesize
16KB

Download
memory/4564-18-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4564-19-0x0000000002070000-0x00000000020A9000-memory.dmp

Filesize
228KB

Download
memory/4564-20-0x0000000076460000-0x0000000076550000-memory.dmp

Filesize
960KB

Download
memory/4564-21-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download