4e4b4bd204eeb1706cdafad2ba56096cf2bdc2acc6a40ba84c3f9e9872499383

Analysis

max time kernel
54s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

055a4c82658aa233c9b223a0e44abfb2.exe
Size

584KB
MD5

055a4c82658aa233c9b223a0e44abfb2
SHA1

e662c0491f0c511739a14d6038e0e9b4ab64a4e7
SHA256

4e4b4bd204eeb1706cdafad2ba56096cf2bdc2acc6a40ba84c3f9e9872499383
SHA512

eaec1dbcd8924c6b8be0cdc63e5fe07ee4193020d26b7f63af69d20bfd8d82ca4f9d1903354a616de2f719329682f68c0177aba2b37c825cd0d3a165b89d4109
SSDEEP

12288:IfioJ27f8GH4tNODBnXQRDpxS1c2obY7h1YcE9Zhi7B0prye5:6zGHGODIxAoclehi7uprye5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3748	msn.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3748 set thread context of 1280	3748	msn.exe	23

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\System\msn.exe	055a4c82658aa233c9b223a0e44abfb2.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4076	055a4c82658aa233c9b223a0e44abfb2.exe
4076	055a4c82658aa233c9b223a0e44abfb2.exe
3748	msn.exe
3748	msn.exe
1280	svchost.exe
1280	svchost.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1280	svchost.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3748 wrote to memory of 1280	3748	msn.exe	23
PID 3748 wrote to memory of 1280	3748	msn.exe	23
PID 3748 wrote to memory of 1280	3748	msn.exe	23
PID 4076 wrote to memory of 2316	4076	055a4c82658aa233c9b223a0e44abfb2.exe	24
PID 4076 wrote to memory of 2316	4076	055a4c82658aa233c9b223a0e44abfb2.exe	24
PID 4076 wrote to memory of 2316	4076	055a4c82658aa233c9b223a0e44abfb2.exe	24
PID 3748 wrote to memory of 1280	3748	msn.exe	23
PID 3748 wrote to memory of 1280	3748	msn.exe	23

C:\Users\Admin\AppData\Local\Temp\055a4c82658aa233c9b223a0e44abfb2.exe
"C:\Users\Admin\AppData\Local\Temp\055a4c82658aa233c9b223a0e44abfb2.exe"
1⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4076
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ESSODT.bat
  2⤵
  PID:2316

C:\Program Files (x86)\Common Files\System\msn.exe
"C:\Program Files (x86)\Common Files\System\msn.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3748
- C:\Windows\SysWOW64\svchost.exe
  "C:\Windows\system32\svchost.exe" 99177
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:1280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1280-85-0x0000000010000000-0x00000000100F9000-memory.dmp

Filesize
996KB

Download
memory/1280-83-0x0000000010000000-0x00000000100F9000-memory.dmp

Filesize
996KB

Download
memory/1280-89-0x0000000010000000-0x00000000100F9000-memory.dmp

Filesize
996KB

Download
memory/3748-166-0x0000000010000000-0x00000000100F9000-memory.dmp

Filesize
996KB

Download
memory/4076-0-0x0000000010000000-0x00000000100F9000-memory.dmp

Filesize
996KB

Download
memory/4076-1-0x0000000002250000-0x00000000022A0000-memory.dmp

Filesize
320KB

Download
memory/4076-16-0x0000000002CA0000-0x0000000002CA1000-memory.dmp

Filesize
4KB

Download
memory/4076-19-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/4076-52-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/4076-64-0x0000000003110000-0x0000000003111000-memory.dmp

Filesize
4KB

Download
memory/4076-63-0x0000000003130000-0x0000000003131000-memory.dmp

Filesize
4KB

Download
memory/4076-62-0x0000000003100000-0x0000000003101000-memory.dmp

Filesize
4KB

Download
memory/4076-61-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/4076-60-0x00000000036B0000-0x00000000036B1000-memory.dmp

Filesize
4KB

Download
memory/4076-59-0x00000000036C0000-0x00000000036C1000-memory.dmp

Filesize
4KB

Download
memory/4076-58-0x0000000003690000-0x0000000003691000-memory.dmp

Filesize
4KB

Download
memory/4076-57-0x0000000003670000-0x0000000003671000-memory.dmp

Filesize
4KB

Download
memory/4076-56-0x0000000003680000-0x0000000003681000-memory.dmp

Filesize
4KB

Download
memory/4076-55-0x0000000003650000-0x0000000003651000-memory.dmp

Filesize
4KB

Download
memory/4076-54-0x0000000003630000-0x0000000003631000-memory.dmp

Filesize
4KB

Download
memory/4076-53-0x0000000003150000-0x0000000003151000-memory.dmp

Filesize
4KB

Download
memory/4076-51-0x00000000030F0000-0x00000000030F1000-memory.dmp

Filesize
4KB

Download
memory/4076-50-0x0000000002FA0000-0x0000000002FA1000-memory.dmp

Filesize
4KB

Download
memory/4076-49-0x0000000002FB0000-0x0000000002FB1000-memory.dmp

Filesize
4KB

Download
memory/4076-48-0x0000000002F80000-0x0000000002F81000-memory.dmp

Filesize
4KB

Download
memory/4076-47-0x0000000002F90000-0x0000000002F91000-memory.dmp

Filesize
4KB

Download
memory/4076-46-0x0000000002F60000-0x0000000002F61000-memory.dmp

Filesize
4KB

Download
memory/4076-45-0x0000000002F70000-0x0000000002F71000-memory.dmp

Filesize
4KB

Download
memory/4076-84-0x0000000010000000-0x00000000100F9000-memory.dmp

Filesize
996KB

Download
memory/4076-44-0x0000000002F30000-0x0000000002F31000-memory.dmp

Filesize
4KB

Download
memory/4076-43-0x0000000002F40000-0x0000000002F41000-memory.dmp

Filesize
4KB

Download
memory/4076-42-0x0000000002F10000-0x0000000002F11000-memory.dmp

Filesize
4KB

Download
memory/4076-41-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/4076-40-0x0000000002EF0000-0x0000000002EF1000-memory.dmp

Filesize
4KB

Download
memory/4076-39-0x0000000002F00000-0x0000000002F01000-memory.dmp

Filesize
4KB

Download
memory/4076-38-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/4076-37-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

Filesize
4KB

Download
memory/4076-36-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/4076-35-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/4076-34-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download
memory/4076-33-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

Filesize
4KB

Download
memory/4076-32-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/4076-31-0x0000000002D80000-0x0000000002D81000-memory.dmp

Filesize
4KB

Download
memory/4076-30-0x0000000002D50000-0x0000000002D51000-memory.dmp

Filesize
4KB

Download
memory/4076-29-0x0000000002D30000-0x0000000002D31000-memory.dmp

Filesize
4KB

Download
memory/4076-28-0x0000000002D40000-0x0000000002D41000-memory.dmp

Filesize
4KB

Download
memory/4076-27-0x0000000002D10000-0x0000000002D11000-memory.dmp

Filesize
4KB

Download
memory/4076-26-0x0000000002D20000-0x0000000002D21000-memory.dmp

Filesize
4KB

Download
memory/4076-24-0x0000000002CF0000-0x0000000002CF1000-memory.dmp

Filesize
4KB

Download
memory/4076-23-0x0000000002D00000-0x0000000002D01000-memory.dmp

Filesize
4KB

Download
memory/4076-22-0x0000000002CE0000-0x0000000002CE1000-memory.dmp

Filesize
4KB

Download
memory/4076-21-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/4076-20-0x0000000002AF0000-0x0000000002AF1000-memory.dmp

Filesize
4KB

Download
memory/4076-18-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/4076-17-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/4076-15-0x0000000002170000-0x0000000002171000-memory.dmp

Filesize
4KB

Download
memory/4076-14-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/4076-13-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download
memory/4076-12-0x0000000002CD0000-0x0000000002CD1000-memory.dmp

Filesize
4KB

Download
memory/4076-11-0x0000000002C90000-0x0000000002C91000-memory.dmp

Filesize
4KB

Download
memory/4076-10-0x0000000002C80000-0x0000000002C83000-memory.dmp

Filesize
12KB

Download
memory/4076-8-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/4076-9-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/4076-6-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4076-7-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/4076-5-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4076-4-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/4076-3-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/4076-2-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download