eea3d86e704ce4c4274ddd4bee06ae59b93ff6e49d1b4ce81355d52c1f6a886c

Analysis

max time kernel
184s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 19:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01eadccad7ee4f1a603eb35b69d31e1f.exe
Size

273KB
MD5

01eadccad7ee4f1a603eb35b69d31e1f
SHA1

68f7e6d4e4cd4f47939077ca428fc6e66bfc5c0f
SHA256

eea3d86e704ce4c4274ddd4bee06ae59b93ff6e49d1b4ce81355d52c1f6a886c
SHA512

0ac2e0a5a516d5360e16faf6170ba7c17d8d519b340d0fa36fe9708937f81a6c9e02f582e3848b638a30028ee5ca5ec31b5a21d8b4cc18b9ee7486c13d6565d3
SSDEEP

6144:y931FlqrNz04oZ8IgrV61iLo7qD9ML+yvioC7HT/0W8:QlqpzoZ7grc1ko79L+iioazS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4888	80E3.tmp

Loads dropped DLL 2 IoCs

pid	Process
3256	01eadccad7ee4f1a603eb35b69d31e1f.exe
3256	01eadccad7ee4f1a603eb35b69d31e1f.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3256	01eadccad7ee4f1a603eb35b69d31e1f.exe
3256	01eadccad7ee4f1a603eb35b69d31e1f.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3256 wrote to memory of 4888	3256	01eadccad7ee4f1a603eb35b69d31e1f.exe	100
PID 3256 wrote to memory of 4888	3256	01eadccad7ee4f1a603eb35b69d31e1f.exe	100
PID 3256 wrote to memory of 4888	3256	01eadccad7ee4f1a603eb35b69d31e1f.exe	100
PID 3256 wrote to memory of 1528	3256	01eadccad7ee4f1a603eb35b69d31e1f.exe	101
PID 3256 wrote to memory of 1528	3256	01eadccad7ee4f1a603eb35b69d31e1f.exe	101
PID 3256 wrote to memory of 1528	3256	01eadccad7ee4f1a603eb35b69d31e1f.exe	101

C:\Users\Admin\AppData\Local\Temp\01eadccad7ee4f1a603eb35b69d31e1f.exe
"C:\Users\Admin\AppData\Local\Temp\01eadccad7ee4f1a603eb35b69d31e1f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3256
- C:\Users\Admin\AppData\Local\Temp\80E3.tmp
  C:\Users\Admin\AppData\Local\Temp\80E3.tmp
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Users\Admin\AppData\Local\Temp\01eadccad7ee4f1a603eb35b69d31e1f.exe
  "C:\Users\Admin\AppData\Local\Temp\01eadccad7ee4f1a603eb35b69d31e1f.exe" --cp "C:\Users\Admin\AppData\Local\Temp\84AD.tmp"
  2⤵
  PID:1528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\80E3.tmp

Filesize
235KB

MD5
e1a7771462421cab74f1b5a30b9b5975

SHA1
4795bfb757ea700a6e8e8cca374a2be93775901e

SHA256
81e996565578d0ccaac69ba03c5b7bd067391e4f37401478c7c8e359fd53665c

SHA512
479d202d7bdc56b4a9b9e5aec4362efd2d7f0187edcdba9a371dc86a21a9a1845b4bb6ddab7142fef2e52fbce78f9184e0078e88794b8e110b49d6f94936860c

Download Submit
C:\Users\Admin\AppData\Local\Temp\84AD.tmp

Filesize
273KB

MD5
5d72bb5f21497388e48d9742d99555df

SHA1
5edce15a0372a35be463f51c28dc5692395e28e4

SHA256
6201a3f04186da6e800257e2bac96e25820e1c6e016416fe747df26ad2b1dd20

SHA512
b6f4e945717981d00d41e7d2db740c603a1d18f530caac1239ebb214fb74d9ac0602af8df2fe694205283fe053c9aa229e89e0c6e4f321f55dca43754bc7064a

Download Submit
memory/1528-12-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/1528-15-0x0000000000450000-0x000000000049C000-memory.dmp

Filesize
304KB

Download
memory/3256-19-0x0000000000450000-0x000000000049B000-memory.dmp

Filesize
300KB

Download
memory/3256-9-0x0000000000450000-0x000000000049C000-memory.dmp

Filesize
304KB

Download
memory/3256-2-0x0000000000450000-0x000000000049C000-memory.dmp

Filesize
304KB

Download
memory/3256-1-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/3256-0-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/3256-26-0x0000000000450000-0x000000000049B000-memory.dmp

Filesize
300KB

Download
memory/3256-27-0x0000000000450000-0x000000000049B000-memory.dmp

Filesize
300KB

Download
memory/3256-28-0x0000000000720000-0x000000000076C000-memory.dmp

Filesize
304KB

Download
memory/3256-37-0x0000000000720000-0x000000000076C000-memory.dmp

Filesize
304KB

Download
memory/4888-22-0x0000000000400000-0x000000000043D110-memory.dmp

Filesize
244KB

Download
memory/4888-23-0x0000000000610000-0x0000000000648000-memory.dmp

Filesize
224KB

Download
memory/4888-32-0x0000000000610000-0x0000000000648000-memory.dmp

Filesize
224KB

Download