Analysis
-
max time kernel
134s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system -
submitted
26/12/2023, 17:55
Static task
static1
Behavioral task
behavioral1
Sample
821e4c194c721f6f40b6a63b71229677.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
821e4c194c721f6f40b6a63b71229677.exe
Resource
win10v2004-20231215-en
General
-
Target
821e4c194c721f6f40b6a63b71229677.exe
-
Size
524KB
-
MD5
821e4c194c721f6f40b6a63b71229677
-
SHA1
38a1eb80a5c8f32c6bb56402e5d31b357c5f648d
-
SHA256
b95a5e2ae5653e4de504a1d230857b40b1c251c5b832057a3f3ac67ec4cdb408
-
SHA512
e258c243ee8ac819ae0df8c98a1b54e416a5f1387db2402e3467d6b5c5b0135c39cd15a9486413ac5139b23b0a7a0d0893111cbc492395f362ead4aef85ee4df
-
SSDEEP
12288:UK3D4laljl9uZ9QWAx2NwX1itI8qT3ABt2tW3OKFHE4PA7n:7VVQ6x2GaI8eIR3OKtE4P
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
PID 2660: MINEEE~1.EXE -
Adds Run key to start application 2 TTPs 1 IoCs
Set value (str): \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\"" (written by 821e4c194c721f6f40b6a63b71229677.exe)
Note: wextract_cleanup0 with advpack.dll,DelNodeRunDLL32 is the cleanup hook that the WExtract/IExpress self-extractor registers; at next logon it deletes the IXP000.TMP extraction directory. It is a RunOnce entry, and it removes the dropped files rather than re-launching them, so it is not persistence of the payload. -
Suspicious use of WriteProcessMemory 3 IoCs
PID 4856 wrote to memory of 2660 (pid 4856, process 821e4c194c721f6f40b6a63b71229677.exe, procid_target 90)
PID 4856 wrote to memory of 2660 (pid 4856, process 821e4c194c721f6f40b6a63b71229677.exe, procid_target 90)
PID 4856 wrote to memory of 2660 (pid 4856, process 821e4c194c721f6f40b6a63b71229677.exe, procid_target 90) -
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\821e4c194c721f6f40b6a63b71229677.exe (PID 4856)
   Command line: "C:\Users\Admin\AppData\Local\Temp\821e4c194c721f6f40b6a63b71229677.exe"
   - Adds Run key to start application
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MINEEE~1.EXE (PID 2660, child of PID 4856)
      Command line: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MINEEE~1.EXE
      - Executes dropped EXE
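The two behavioural signatures above (the RunOnce value and the three WriteProcessMemory events) are worth checking against the process tree before calling either of them malicious. The following is an added triage example, not part of the sandbox report: the event record layouts (RegistryEvent, WpmEvent, the parent_of map) are assumed, and the sample events are constructed from the IoCs printed on this page with the JSON backslash-escaping removed.

```python
"""Triage helpers for the RunOnce value and the WriteProcessMemory events above.

Added example, not part of the sandbox report.  Event layouts are assumed;
the sample events below are constructed from the IoCs on this page.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegistryEvent:
    key: str        # full key path, as the report prints it
    name: str       # value name
    value: str      # string data written
    process: str    # image that performed the write


@dataclass(frozen=True)
class WpmEvent:
    source_pid: int  # process calling WriteProcessMemory
    target_pid: int  # process being written to


# Constructed from the report's IoC (backslashes un-escaped).
RUNONCE_VALUE = (
    r'rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 '
    r'"C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\"'
)
REG_EVENTS = [
    RegistryEvent(
        key=r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
        name="wextract_cleanup0",
        value=RUNONCE_VALUE,
        process="821e4c194c721f6f40b6a63b71229677.exe",
    ),
]
DROPPED_EXE = r"C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MINEEE~1.EXE"
# Three writes from PID 4856 into PID 2660, as the report lists.
WPM_EVENTS = [WpmEvent(4856, 2660)] * 3
PARENT_OF = {2660: 4856}  # child pid -> parent pid, from the process tree

# WExtract/IExpress registers its cleanup under RunOnce as wextract_cleanupN:
# rundll32 advpack.dll,DelNodeRunDLL32 "<dir>" deletes the IXP###.TMP
# extraction directory at next logon.  Capture that directory.
_CLEANUP_RE = re.compile(
    r'advpack\.dll,DelNodeRunDLL32\s+"(?P<dir>[^"]*?\\IXP\d{3}\.TMP)\\?"',
    re.IGNORECASE,
)


def wextract_cleanup_dir(ev: RegistryEvent):
    """Return the extraction directory named by a wextract_cleanup RunOnce
    entry, or None if the event is not one."""
    if not ev.key.upper().endswith(r"\CURRENTVERSION\RUNONCE"):
        return None
    if not ev.name.lower().startswith("wextract_cleanup"):
        return None
    m = _CLEANUP_RE.search(ev.value)
    return m.group("dir") if m else None


def dropped_in_cleanup_dir(dropped_path: str, cleanup_dir: str) -> bool:
    """True if the dropped file lives inside the directory the RunOnce entry
    will delete, i.e. the key removes the payload rather than persisting it."""
    prefix = cleanup_dir.rstrip("\\").lower() + "\\"
    return dropped_path.lower().startswith(prefix)


def classify_wpm(events, parent_of):
    """Group WriteProcessMemory events by (source, target).  A write into a
    process the writer itself spawned is what a parent does while starting
    the child; a write into any other process is a candidate for injection."""
    counts = {}
    for ev in events:
        pair = (ev.source_pid, ev.target_pid)
        counts[pair] = counts.get(pair, 0) + 1
    result = {}
    for (src, dst), n in counts.items():
        label = "child-process-start" if parent_of.get(dst) == src else "cross-process-write"
        result[(src, dst)] = (label, n)
    return result


def triage(reg_events, wpm_events, parent_of, dropped):
    """Summarise both signatures as a list of findings."""
    findings = []
    for ev in reg_events:
        d = wextract_cleanup_dir(ev)
        if d is not None:
            findings.append(("iexpress-cleanup", d, dropped_in_cleanup_dir(dropped, d)))
    for (src, dst), (label, n) in classify_wpm(wpm_events, parent_of).items():
        findings.append((label, src, dst, n))
    return findings


if __name__ == "__main__":
    for finding in triage(REG_EVENTS, WPM_EVENTS, PARENT_OF, DROPPED_EXE):
        print(finding)
```

Run as-is, the script reports that the RunOnce entry is an IExpress cleanup hook covering the directory the dropped MINEEE~1.EXE sits in, and that all three WriteProcessMemory events are the parent writing into the child it spawned. The interesting artefact is therefore the dropped executable itself, which should be pulled from IXP000.TMP and analysed separately; the RunOnce key will have removed it after the next logon.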
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
531KB
MD5
3ded0d9f3644be4ee425101d53c9d531
SHA1
c19997e0c8da2243beb858d8d4e992710718705f
SHA256
bfc0210ee77bb884d89be9c24dff0f44866355dfbfb5eae0d1d2a5c93d908467
SHA512
5643a5828206ae6e92f3cc52ac1d35284b1ae2a81549a31f6d25d1e209bdb4222ccb114a6ea6d62936ad431775ecce8905421a62055f653c3503c764a38a1bd1