Analysis

  • max time kernel
    134s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    26/12/2023, 17:55

General

  • Target

    821e4c194c721f6f40b6a63b71229677.exe

  • Size

    524KB

  • MD5

    821e4c194c721f6f40b6a63b71229677

  • SHA1

    38a1eb80a5c8f32c6bb56402e5d31b357c5f648d

  • SHA256

    b95a5e2ae5653e4de504a1d230857b40b1c251c5b832057a3f3ac67ec4cdb408

  • SHA512

    e258c243ee8ac819ae0df8c98a1b54e416a5f1387db2402e3467d6b5c5b0135c39cd15a9486413ac5139b23b0a7a0d0893111cbc492395f362ead4aef85ee4df

  • SSDEEP

    12288:UK3D4laljl9uZ9QWAx2NwX1itI8qT3ABt2tW3OKFHE4PA7n:7VVQ6x2GaI8eIR3OKtE4P

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoCs)
  • Adds Run key to start application (2 TTPs, 1 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\821e4c194c721f6f40b6a63b71229677.exe
    "C:\Users\Admin\AppData\Local\Temp\821e4c194c721f6f40b6a63b71229677.exe"
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4856
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MINEEE~1.EXE
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MINEEE~1.EXE
      • Executes dropped EXE
      PID:2660

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MINEEE~1.EXE

          Filesize

          531KB

          MD5

          3ded0d9f3644be4ee425101d53c9d531

          SHA1

          c19997e0c8da2243beb858d8d4e992710718705f

          SHA256

          bfc0210ee77bb884d89be9c24dff0f44866355dfbfb5eae0d1d2a5c93d908467

          SHA512

          5643a5828206ae6e92f3cc52ac1d35284b1ae2a81549a31f6d25d1e209bdb4222ccb114a6ea6d62936ad431775ecce8905421a62055f653c3503c764a38a1bd1