6237699a84321148e04f9840727079bbd103a6a212250339a84c1b44d8aa8ae8

Analysis

max time kernel
142s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 23:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

070ac96e10a1a56582e8d0a4963eef5d.exe
Size

656KB
MD5

070ac96e10a1a56582e8d0a4963eef5d
SHA1

b4042df35cbf7f6efd319032d9d2d622fcc955ae
SHA256

6237699a84321148e04f9840727079bbd103a6a212250339a84c1b44d8aa8ae8
SHA512

a89812ad8c5e6a1204bce6bcd366ec29c5c77d16177e406693e68aecf650932c8e3cb1877034ac5bd142d201b4f35a2fd23b769582beb3d2e2315699fd283a89
SSDEEP

12288:5na9wieRlatDR16XgDVxOENi/7lppTB/Gd1vNLbHtcvS38LCJQBtdGs1rBLsJ:5naukGX8OENiTl/B/YNkS3rJQBtUkBgJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2680	070ac96e10a1a56582e8d0a4963eef5d.tmp

Loads dropped DLL 3 IoCs

pid	Process
2680	070ac96e10a1a56582e8d0a4963eef5d.tmp
2680	070ac96e10a1a56582e8d0a4963eef5d.tmp
2680	070ac96e10a1a56582e8d0a4963eef5d.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3944 wrote to memory of 2680	3944	070ac96e10a1a56582e8d0a4963eef5d.exe	19
PID 3944 wrote to memory of 2680	3944	070ac96e10a1a56582e8d0a4963eef5d.exe	19
PID 3944 wrote to memory of 2680	3944	070ac96e10a1a56582e8d0a4963eef5d.exe	19

C:\Users\Admin\AppData\Local\Temp\070ac96e10a1a56582e8d0a4963eef5d.exe
"C:\Users\Admin\AppData\Local\Temp\070ac96e10a1a56582e8d0a4963eef5d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3944
- C:\Users\Admin\AppData\Local\Temp\is-JUMDI.tmp\070ac96e10a1a56582e8d0a4963eef5d.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-JUMDI.tmp\070ac96e10a1a56582e8d0a4963eef5d.tmp" /SL5="$50062,396412,54272,C:\Users\Admin\AppData\Local\Temp\070ac96e10a1a56582e8d0a4963eef5d.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-HJIT0.tmp\Games.inf

Filesize
315B

MD5
8e21d830f99d2417cfbecb7ed49535ca

SHA1
65b5526e236897f7e189c0656c9c58e639a57b99

SHA256
eea90cac652f7a5ca119b6ff71e1e0e82c20343a6efceb669a9fc09f15641831

SHA512
2c9d9fadf57f6a0cb5342ca4c3cf6001370dc8bf5bd3a47a2aa82b07daf746b92dbe033d642d55c2679bd05c672ae9bc935163a3ffedc2b1b487f94990b365fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HJIT0.tmp\isxdl.dll

Filesize
49KB

MD5
02ecc74f7f91e9ffd84de708683236a6

SHA1
3532de0b77df8b0fc89e9c7eddec3fa71f98f5a2

SHA256
30ad8a0e1cee091ca48c771adb2e76baf1a7d54b9f60dc47f54dfdc2d6f6691e

SHA512
a3fdaa651f82428395bc412a2a04fce673768d3ef088b3748addf337d95464eb141ae7c286bff5c705eae05dd7b38207629588ae7e89ada15269463cd7acf541

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HJIT0.tmp\itdownload.dll

Filesize
11KB

MD5
bee207dde3929c0e194b4edd21638de8

SHA1
f062cc862121dc54f86341affedb43840026968a

SHA256
5b27a70ce73b835dcabb950c95a3b815c5b4e147af00c960647ef17e55f3e15b

SHA512
b33e322ff8a09c791fb5ab3c0bfd8fc9c68cd1ecc42a2fb04fdf472d0e8e272eaeab897af50904e35a06a8151ae1465d56d8f91ed8172c1b2d4e3c008fc52dc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HJIT0.tmp\itdownload.dll

Filesize
68KB

MD5
6ed8b3ce33155dd88e4c233f94cda131

SHA1
dc45a93f2b4ea363c66fb17b464db9c74b8a8aad

SHA256
8f2f6b6c4781fd2e9d56f623317ca6408be17aa59582402335862ce787b24748

SHA512
a2da242f5aba672c9aa781a2a7c8921c9dc028d7c3d0968057f5ddea2c5caa6ea5896087b449b5dd8c97cf359199abce09afbdb8738bb51db22983b25e9b93c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JUMDI.tmp\070ac96e10a1a56582e8d0a4963eef5d.tmp

Filesize
131B

MD5
0d8d171b1c5d75cec9cea0289a9aaa99

SHA1
9571898a4445894840edfbfab6d857d8a5e2ad54

SHA256
d275f80b94e23e6da76aa74ced0df14d75309e88dffe5ba73a66a662291d7da5

SHA512
c59b945a067fa326638d6287d3531a83293c0a9f2a17dba5e1bdd632fdc3a965338a7dd699279e8622a01896d63d554339e327507d96fe4dffda197e87cb5f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JUMDI.tmp\070ac96e10a1a56582e8d0a4963eef5d.tmp

Filesize
23KB

MD5
e67be0f77a960558fdf58bcb9a27eb8b

SHA1
6a102c97962f165c4922231ed058afeac986cd8b

SHA256
21b053e036e72733fd8ab59b515adc1907de21c5e3fc36d7bafdddfc78239ecd

SHA512
ee6fdae8efe13c5c2095c7482c18b8ac30fd6900615c67374038811b961088c9bb0627bda21b8124dfad516f180c117f87de5515b1d085baa23cf51ffb8551b0

Download Submit
memory/2680-7-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/2680-17-0x00000000032B0000-0x00000000032EC000-memory.dmp

Filesize
240KB

Download
memory/2680-37-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2680-38-0x00000000032B0000-0x00000000032EC000-memory.dmp

Filesize
240KB

Download
memory/2680-42-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/3944-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3944-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3944-36-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads