da72e859402c21d29ff76a0974bc0cfeaa7e9259087d54d11e8c0e56cd68788b | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 08:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5f0ad6c28a520d16157a45e2dadf5574.exe
Size

428KB
MD5

5f0ad6c28a520d16157a45e2dadf5574
SHA1

3714e858fb2f1e5c99bbcac77a5a01283627f7b8
SHA256

da72e859402c21d29ff76a0974bc0cfeaa7e9259087d54d11e8c0e56cd68788b
SHA512

8e907ed4e5ce9d69fd12263b07d8ed0d77e4765862b32e2ae717c9ba2e3bf0a9cafd282b5d21780646990f0bebdcd871c1bd7c0490bbb38ef9f9bd39e8c9a783
SSDEEP

12288:+O4rfItL8HPELOF7J8V/igJ0V+3X1KFCsOlPv7:+O4rQtGPBUqgeV0X1RlPv

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1968	770.tmp

Executes dropped EXE 1 IoCs

pid	Process
1968	770.tmp

Loads dropped DLL 1 IoCs

pid	Process
1728	5f0ad6c28a520d16157a45e2dadf5574.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 1968	1728	5f0ad6c28a520d16157a45e2dadf5574.exe	14
PID 1728 wrote to memory of 1968	1728	5f0ad6c28a520d16157a45e2dadf5574.exe	14
PID 1728 wrote to memory of 1968	1728	5f0ad6c28a520d16157a45e2dadf5574.exe	14
PID 1728 wrote to memory of 1968	1728	5f0ad6c28a520d16157a45e2dadf5574.exe	14

C:\Users\Admin\AppData\Local\Temp\770.tmp
"C:\Users\Admin\AppData\Local\Temp\770.tmp" --helpC:\Users\Admin\AppData\Local\Temp\5f0ad6c28a520d16157a45e2dadf5574.exe 5E418D02B7115ECE95E525828E54049FC5A245D851680D950C46D76D53F2065C43F775B2E572A9466A26C1092D653B908B63877A7B594BADCC46A0BB277E9C2C
1⤵
- Deletes itself
- Executes dropped EXE
PID:1968

C:\Users\Admin\AppData\Local\Temp\5f0ad6c28a520d16157a45e2dadf5574.exe
"C:\Users\Admin\AppData\Local\Temp\5f0ad6c28a520d16157a45e2dadf5574.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\770.tmp

Filesize
382KB

MD5
82709b5095c3b3f44663a0e9d8174a03

SHA1
0b3b0afdc9bc92abc8518684ddcc8f671e5ec9ef

SHA256
14637a17851abdbfa02944fb3559ca6637b94985c1f8222b2d0e37ff345b86a8

SHA512
8c29ee7a9f26de8e76cdd284622bea09359b4f891c1f5fd068ae9d6914cdd349cb8d6b600b4198bfcf87241162e55a06e1eb825bec6f108d80f8cffa0cad863b

Download Submit