91d20a0a79940fd30bb97b5dd3740dd78ab1a46251bba969e5e5fc30eed0bb30

Analysis

max time kernel
139s
max time network
88s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 23:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1fe88abfdb44a33eb0fedf7488aa160e.exe
Size

826KB
MD5

1fe88abfdb44a33eb0fedf7488aa160e
SHA1

3bc9ba7fa565f8c2e6a881e2b12cd86fe81f220a
SHA256

91d20a0a79940fd30bb97b5dd3740dd78ab1a46251bba969e5e5fc30eed0bb30
SHA512

a054d12f01e58adfe4d4e7ed498154887977ba467f3589438fdd3f56249946953d2204ba4814b50f3eb6a3466843d38f8517988392fbce0ed408448f56a293a6
SSDEEP

12288:LvjnBwaY9SE23XlL0nNUJVdKVS7MAD1lv+fkbDH:L7nccEuXwNUhMAD1N+fkHH

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
224	msglang.exe

Executes dropped EXE 2 IoCs

pid	Process
2168	msglang.exe
224	msglang.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\messenger\hu243576h	1fe88abfdb44a33eb0fedf7488aa160e.exe
File opened for modification	\??\c:\program files\messenger\msglang.exe	1fe88abfdb44a33eb0fedf7488aa160e.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4180 wrote to memory of 2168	4180	1fe88abfdb44a33eb0fedf7488aa160e.exe	15
PID 4180 wrote to memory of 2168	4180	1fe88abfdb44a33eb0fedf7488aa160e.exe	15
PID 4180 wrote to memory of 2168	4180	1fe88abfdb44a33eb0fedf7488aa160e.exe	15
PID 4180 wrote to memory of 224	4180	1fe88abfdb44a33eb0fedf7488aa160e.exe	19
PID 4180 wrote to memory of 224	4180	1fe88abfdb44a33eb0fedf7488aa160e.exe	19
PID 4180 wrote to memory of 224	4180	1fe88abfdb44a33eb0fedf7488aa160e.exe	19

C:\Users\Admin\AppData\Local\Temp\1fe88abfdb44a33eb0fedf7488aa160e.exe
"C:\Users\Admin\AppData\Local\Temp\1fe88abfdb44a33eb0fedf7488aa160e.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4180
- \??\c:\program files\messenger\msglang.exe
  "c:\program files\messenger\msglang.exe"
  2⤵
  - Executes dropped EXE
  PID:2168
- \??\c:\program files\messenger\msglang.exe
  "c:\program files\messenger\msglang.exe" C:\Users\Admin\AppData\Local\Temp\1fe88abfdb44a33eb0fedf7488aa160e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\messenger\msglang.exe

Filesize
92KB

MD5
5930fe9ed8ccd82520b226f44f4aeb69

SHA1
9567c25e8af75ef7ee65a12978e920e1fd92210b

SHA256
dc828031e4c6b3e7379f012514567e7cdb9151c5f4cf44cfe96c0fd52c38ee7a

SHA512
f9534cb27a74443232bfbd8ab8a4ec875fb09881ebc05f589bb6b9ef5bd99ae21904b5fc7425c35f72d9a9900e0bb2284ac9430046cf6d10821fc6670819f697

Download Submit
C:\Program Files\messenger\msglang.exe

Filesize
143KB

MD5
441ca680aed783e85cfe04aa16a7712d

SHA1
eddaa71b3809f8122c21b5559defe4ff19dd720c

SHA256
9b2799fdd2242d5b3262e6d347369be636ecb40a3c5d6c170c8400a6cc092223

SHA512
29437fa403b61dcd4ef03d65445ca621d8f70fd4d627d7e886275da05cdd27a8997d837b4239ddb3e456f3e2830fa74f025841f3fe0fd9fde3c7a2acf5458984

Download Submit
C:\Program Files\messenger\msglang.exe

Filesize
547KB

MD5
9c285343049fa86c279ade99c9b96bc3

SHA1
e975f09445f255f962023ef1a78a1c8c5de78467

SHA256
32ce343dc21713a8e812304e5aa2f57de848ba03816bc5a7357158f697187c80

SHA512
4e89ab357c122249b4a769f27f0d213250a8fb278c11a83653f90c2ac7ad9e58fe97ef1d29c5ab8d6728a95f3a5110ffa0559fec46642fd8e6b2697650e96cd7

Download Submit
\??\c:\program files\messenger\msglang.exe

Filesize
106KB

MD5
1100435b40eb2167251c8ed17a05e431

SHA1
9640a512722f58f53bd5cffde09cb55ba034f7e1

SHA256
520074a9fcc41aa4f3c0022a43282868be73c261f2e3e246d25e80a1ef5b7c6a

SHA512
a0408829470b5da9e57f0425a3d0d64edb5ff338d1b74a9ef632426bf40578e01a122b1be557f0731b0326498c410d79f5b8490eb74e14b455f350a6930317a4

Download Submit
memory/224-23-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/224-21-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/224-25-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2168-24-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/4180-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4180-1-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads