46ef2297b15024766e958dde8e67a007e9bfac407bdc6d972be6ccbe977728a2

Analysis

max time kernel
151s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05332eab7039a0fec21a198efb7dc6ce.exe
Size

132KB
MD5

05332eab7039a0fec21a198efb7dc6ce
SHA1

1d0f7d419515779c2c7a43347f6f44218b17cf17
SHA256

46ef2297b15024766e958dde8e67a007e9bfac407bdc6d972be6ccbe977728a2
SHA512

88a032817180788c5fa2df6e9113b75077bbb84b74be9d493f80da04894e40ba3418ea6cb60183bb5ca8b893282a9960582b7d5d733d9f872cc3df4a1fb3539d
SSDEEP

3072:BjeEUA4jVPv+4f291w48yvZwtZxp+u7smJc:B9U/v+4QWZz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1808	svchost.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\svchost.exe	05332eab7039a0fec21a198efb7dc6ce.exe
File created	C:\Windows\svchost.exe	05332eab7039a0fec21a198efb7dc6ce.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4436	05332eab7039a0fec21a198efb7dc6ce.exe
4436	05332eab7039a0fec21a198efb7dc6ce.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4436 wrote to memory of 4380	4436	05332eab7039a0fec21a198efb7dc6ce.exe	42
PID 4436 wrote to memory of 4380	4436	05332eab7039a0fec21a198efb7dc6ce.exe	42
PID 4436 wrote to memory of 4380	4436	05332eab7039a0fec21a198efb7dc6ce.exe	42

C:\Users\Admin\AppData\Local\Temp\05332eab7039a0fec21a198efb7dc6ce.exe
"C:\Users\Admin\AppData\Local\Temp\05332eab7039a0fec21a198efb7dc6ce.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4436
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a23515$$.bat
  2⤵
  PID:4380

C:\Windows\svchost.exe
"C:\Windows\svchost.exe" /service
1⤵
- Executes dropped EXE
PID:1808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$$a23515$$.bat

Filesize
152B

MD5
0b771bed5e8a0bd50bda25a6e95ca503

SHA1
2663fdbef8bef5bda9e37568f5969998e4b4c75e

SHA256
93d150abc4ca687f732e2670d578afa9f6f566dcd0f5b88f4d373c038c7aa7ef

SHA512
5a882925a0570eb5e7937088b266149669fdd1e74be3b6828c68becd097660663d9cc7fe940b7c3d9506f7d8bca51728e6b556dd71517fb5d585de039308369e

Download Submit
C:\Windows\svchost.exe

Filesize
16KB

MD5
b5466b2c7c4dd4ae40fb376257e34ad7

SHA1
93fa6195a874032881e23b02d0483ab397665690

SHA256
121ab30c3e06915b3ba5180b2fed0809ea93fb93c1888ec3260d6a01fc15899a

SHA512
a38cc12ed983dcf778bf1935f13f51ac00a8e55513425ed0791c77820f94a8b476a9503aac4fd55bc9b2b71b717b3310edcb119f3ebe425a07600070db6be7cf

Download Submit
C:\Windows\svchost.exe

Filesize
9KB

MD5
b395767f6c75b415e089391cb7be42ae

SHA1
da72916ebd4cb066fced0494339345f74bf2f69e

SHA256
a0207b06c0926f24d04e21c965f69d49604fd1a4a3c576ba34895f7c127b6f95

SHA512
0485f7c26741d5240021beab0d6d6496f7abd35776584edae170f34e6a32a7e58c1d10fd5c86890f3e44f628caed15f191c5203a22fa63d1767cdeae39331171

Download Submit
memory/1808-5-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1808-10-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4436-0-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4436-1-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/4436-8-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download