906d8cdad2e15e8a28513a4832b4db93bb52d04ad79ead66de487a463c514a8a

Analysis

max time kernel
186s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0289eb0ff23f45e7005591a2184107e0.exe
Size

685KB
MD5

0289eb0ff23f45e7005591a2184107e0
SHA1

ca0383ce85aa43c14ca44e7433fef8b3b81a936d
SHA256

906d8cdad2e15e8a28513a4832b4db93bb52d04ad79ead66de487a463c514a8a
SHA512

fd1ca6e07a9b97e99817c048d2a79ac61ba1f5229a9b783fb11eec669249420c96ba0c75365d960d18d3a26baea1ea35a2983c2063597c8cc732c753639d0317
SSDEEP

12288:Cn3NTTloFoycVCm2AxqAVM4ZBoKgXOEpjZV1JkL+ERXXYNeOQKy81B4/:m3NTquFVQA0Af3g+EpZVrklRHKetK91s

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3248	jp2lt.exe

Loads dropped DLL 1 IoCs

pid	Process
3248	jp2lt.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3248	jp2lt.exe
3248	jp2lt.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 3248	4572	0289eb0ff23f45e7005591a2184107e0.exe	92
PID 4572 wrote to memory of 3248	4572	0289eb0ff23f45e7005591a2184107e0.exe	92
PID 4572 wrote to memory of 3248	4572	0289eb0ff23f45e7005591a2184107e0.exe	92
PID 4572 wrote to memory of 3248	4572	0289eb0ff23f45e7005591a2184107e0.exe	92
PID 4572 wrote to memory of 3248	4572	0289eb0ff23f45e7005591a2184107e0.exe	92

C:\Users\Admin\AppData\Local\Temp\0289eb0ff23f45e7005591a2184107e0.exe
"C:\Users\Admin\AppData\Local\Temp\0289eb0ff23f45e7005591a2184107e0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Users\Admin\AppData\Local\Temp\tll1CAB.tmp\jp2lt.exe
  "C:\Users\Admin\AppData\Local\Temp\tll1CAB.tmp\jp2lt.exe" -litename "0289eb0ff23f45e7005591a2184107e0"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tll1CAB.tmp\Default.spk

Filesize
109KB

MD5
d234d4e66c8df098a5dc3934cc0cc71b

SHA1
3bfcca74cf4ce1d30c900a2a46a8be49a8e48911

SHA256
e8d03fa7ae11afcdd020e17141438605c3f7e4cb855ad82c744416917e0b0fae

SHA512
d78504f360752ab2cc29ffce796566e1b607f65f98f147862df3908a0bf2287198650cdb665c6c3e3559e0f659370af9b4cc5df81e63dd845ee0235b7bb7dd18

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1CAB.tmp\Jp2lt.exe

Filesize
733KB

MD5
b05c9d19de9acf53b551882b1f6ace9b

SHA1
a01c58d0fc306ee3fe5ae638d5fc0475478a7e82

SHA256
9565c0dfa6408edc3c8d0e5952446f72e405d71df2a4ba45c0b99c9a6bcb6700

SHA512
54f0cf6886f8bf86520b06efc3a70f702dfd3fb04361f3c39705db7354285ccd8ae637d3aa2b6b5ec875a944ff0c7d24028621453afee9f408e2536e1db77cf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1CAB.tmp\Media.dll

Filesize
173KB

MD5
b29cde18fae164f672e8bfcea5de37c7

SHA1
e1439a0a64d98ed038dc2999c881238c38917404

SHA256
09cf4b6bec3a1891b60156aef51fef4c831b3c37db6cea8381bb1c60128c81fa

SHA512
6548ea2759c565abc2093315899aaf87724daebba1949b778e9ab6507db835b1def5068dee2c20f6da5228989d025349138cef3bf7084f33ad146a1e11f6c187

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1CAB.tmp\Puzzles\kidsloftbeds.pzl

Filesize
11KB

MD5
c1761e13dac1a1358b38a5e94bb82bbd

SHA1
c119beec20238a3462effe8cf04bfa7f002ec96b

SHA256
5706a44656adbfa2988c3cc5fe24ff2f1983aaf2d4ecffcf3e0368568250b3f9

SHA512
accd32404deae882cdd4edfcaf7080d028b39739e6d1bda58029818858d07c4a8022300626785ea1c5f06c245c50d3ccfbb213aef71c1cb4dbf4114621a3179b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1CAB.tmp\data.pck

Filesize
11KB

MD5
810261516945f6611547d7c67883a0ca

SHA1
6c607c52277a7063acd623d2ebf8f917c9420463

SHA256
5dc5a977b099f4645ebab6271442d13457bfc7a91564700dc982b292933b574f

SHA512
0d44ad0f0cc833bfb0880008de607765e25f908d883186e153f3537e9da3d5e1594b6d4524f765a40602af591d8e82901080f8775cffd3734d57dbec1349cb40

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1CAB.tmp\english.lng

Filesize
17KB

MD5
5354dba4dab261ecba05b7b3b2ee1d13

SHA1
b227ebace8c2a02e50c5cddbb5589928062a33f1

SHA256
3aa42234872afe5b3861bc4929bcd58146f507c45a338eff3073db534907889a

SHA512
16089a0f4e22107330e96638481f06c9065d0fb70df016b288950185d368b8f72f216e7ac4603159d72a7035ef456c1ae5bba3e555a528a88baa989fb0a4e1ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1CAB.tmp\index.ini

Filesize
86B

MD5
5541e81e1528d68b864bce7f530da92d

SHA1
2bf15dc77349c0fc29f465681025f647a8fb0517

SHA256
f89ab7ff41f3a7d1f332fb21c2702e9eedcc3eae2b7ee1a27beaf70befd256b5

SHA512
f033ff8c318c69a573e0766c86051d113984aa8e56fbd31d44bfb5531c2ea34806c0ac46414ddaf6541933fed24dbac2c51681edef33a9210f663e5fd75e6812

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1CAB.tmp\lite.lng

Filesize
917B

MD5
d6a6b435d0fae8bea7cf58f9e6556918

SHA1
b0c37e4c0b389e321274a29f2ff0e6c49cc26495

SHA256
b5bf33f1e3d183ff260b925b4bfaa46871f1a0e03357ccdad8fff05b26066423

SHA512
e664794bcaccbf86f6c3d4424427a9062f6ab82d6f2dfe07a13aea3e315fa114213d445a084e8e543075f3e5a9d82c0a1f179a7c257b425fb51e7ba4016b3229

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1CAB.tmp\log.txt

Filesize
4KB

MD5
1172263df8197b9039180f12f5021a67

SHA1
63b071b6a4cb36d048bc128401f3524a2491082f

SHA256
2f0385c764d11e99757905ce3e14aa1e5dc46ca52b431407fcf03a4b850bc9c5

SHA512
5ad0a3d15d3d7c0b791275d0201076f1c9d72480db9294c10b98761cfaea66d770f57f4ae55599ff109831332ce505a5aaa3eb3f205d359225787331ac8902f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1CAB.tmp\log.txt

Filesize
4KB

MD5
a82810437bb106cbf8b2262d0756a8d5

SHA1
06d1357c172e499ae222b72b2066563fb91ffb23

SHA256
ca25479a4b4cd6073359a00c72c6f72be2b89e3739638eaf199975b0972533b4

SHA512
840db852d578538686f0567f2dc99f5769e6bbda412fbf72dec64f691ce7f7cb9b22185e9f0b641dd005e71ae888c9599b3e65769449e99b69c8f8b92d9cefd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1CAB.tmp\log.txt

Filesize
858B

MD5
42f00afa50914ad90582d1dd61e5d9af

SHA1
b0e6f0794ae400d6746ed8cdea0c6087e54c96eb

SHA256
96f8602f5df74fabed671c950b0b44aadef946092793bd7bbdc5961bf96502a6

SHA512
98ced24a20328ef53b8e19592babc7afcd522a081e1db96c10f784a1d8a1daf68143b0f911715f54558f69bb59df22896dec6c623dfb8f5ffec0e14105eaceeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1CAB.tmp\log.txt

Filesize
1KB

MD5
d5248d5d39554d86bee4b9ee27bfd357

SHA1
519f75cab19b8f58949db91ed721d163adc0b928

SHA256
94df69b66a3d372f646a9c3dfe275a5a388847a93b2abc6bf725a64e43c20a7a

SHA512
d34250dfd8399d6bf7d10f01d193149c1c9f890477484ccc982ec55ddddc1f6f8cbd4ab5cb9807f871eaf4bd1d2675ecfa51bae756e77a92a81de56124a89d23

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1CAB.tmp\log.txt

Filesize
3KB

MD5
cd8d490092dbba06dc66f5f73d08b845

SHA1
fd6f1b31087d7340b76cdbdb420a43d43c09d091

SHA256
fd5d18267d7944da3542e43e6d165a34e4e713cd4ca985ef19a52b81c4fb651f

SHA512
2352378bd88d105fb767547e30b03820139f2374957f872d19c8a20b4823560ad7aaaa99ae5e5165523d9880f4e532bdffedb35ae1fe746e3d88155ecceab73c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ts2AC4.tmp

Filesize
128B

MD5
2a0b1e61b6a025358da9b24fe8948f1d

SHA1
f9ccbf12b44160c5a0a02a8195398d31c3391151

SHA256
9c057c42e70f4c19450cceaecffa1ff1246fdff5de02f28aa90c145cdaaa1284

SHA512
48779a4b97c636c88a1ff167c106de403c947948f225d1a4a52b85439a701e33c5672a20d2ce52cff10a9233278b5b708558cc34a28d87144d3cda0869307123

Download Submit