Analysis

  • max time kernel
    46s
  • max time network
    68s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/12/2023, 01:52

General

  • Target

    PO24535363.exe

  • Size

    810KB

  • MD5

    cad47481ee480d7808407d1b82c59d6b

  • SHA1

    ea048eee92361095b568fbc8de772a6788e186d1

  • SHA256

    590387feecd3df6131ffd646c5e4a9e597b6e216c56d7a1eb010b16164281144

  • SHA512

    4d245ed227a62e2b3c2dfca61f20bc6fa5c81c09ca1c87c0292f21db39a936c81942f37f365b3357348aa022508d19bd152285d0930efd7e7633c355c9c115e6

  • SSDEEP

    12288:GxdOwKLvAcdZYkMypFtK+1mATyZVKy3jnYZdLKSb55cRANAZCAAb/9nMAzN4F6/c:GnORAcPMO1g3jngBbQQ

Score
3/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\PO24535363.exe
    "C:\Users\Admin\AppData\Local\Temp\PO24535363.exe"
    1⤵
    PID:2832
      • C:\Users\Admin\AppData\Local\Temp\PO24535363.exe
        "C:\Users\Admin\AppData\Local\Temp\PO24535363.exe"
        2⤵
        PID:2288
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\NCgjtGQWUsw" /XML "C:\Users\Admin\AppData\Local\Temp\tmp625.tmp"
        2⤵
        Signature: Creates scheduled task(s)
        PID:4748
  • C:\Windows\SysWOW64\wscript.exe
    "C:\Windows\SysWOW64\wscript.exe"
    1⤵
    PID:4128
      • C:\Windows\SysWOW64\cmd.exe
        /c del "C:\Users\Admin\AppData\Local\Temp\PO24535363.exe"
        2⤵
        PID:1152

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2288-18-0x0000000000400000-0x0000000000429000-memory.dmp (Filesize: 164KB)
  • memory/2288-23-0x0000000000400000-0x0000000000429000-memory.dmp (Filesize: 164KB)
  • memory/2288-24-0x0000000001230000-0x0000000001241000-memory.dmp (Filesize: 68KB)
  • memory/2288-21-0x0000000001720000-0x0000000001A6A000-memory.dmp (Filesize: 3.3MB)
  • memory/2832-8-0x0000000006720000-0x000000000673E000-memory.dmp (Filesize: 120KB)
  • memory/2832-11-0x0000000006D60000-0x0000000006DFE000-memory.dmp (Filesize: 632KB)
  • memory/2832-6-0x0000000002DA0000-0x0000000002DAA000-memory.dmp (Filesize: 40KB)
  • memory/2832-7-0x0000000007C40000-0x0000000007C96000-memory.dmp (Filesize: 344KB)
  • memory/2832-0-0x00000000009F0000-0x0000000000AC0000-memory.dmp (Filesize: 832KB)
  • memory/2832-9-0x00000000749D0000-0x0000000075180000-memory.dmp (Filesize: 7.7MB)
  • memory/2832-10-0x0000000007D00000-0x0000000007D10000-memory.dmp (Filesize: 64KB)
  • memory/2832-5-0x0000000007D00000-0x0000000007D10000-memory.dmp (Filesize: 64KB)
  • memory/2832-12-0x0000000007290000-0x00000000072BE000-memory.dmp (Filesize: 184KB)
  • memory/2832-4-0x0000000007AB0000-0x0000000007B42000-memory.dmp (Filesize: 584KB)
  • memory/2832-1-0x00000000749D0000-0x0000000075180000-memory.dmp (Filesize: 7.7MB)
  • memory/2832-3-0x0000000007FC0000-0x0000000008564000-memory.dmp (Filesize: 5.6MB)
  • memory/2832-2-0x0000000007970000-0x0000000007A0C000-memory.dmp (Filesize: 624KB)
  • memory/2832-20-0x00000000749D0000-0x0000000075180000-memory.dmp (Filesize: 7.7MB)
  • memory/3432-25-0x0000000008FF0000-0x0000000009189000-memory.dmp (Filesize: 1.6MB)
  • memory/3432-33-0x0000000008FF0000-0x0000000009189000-memory.dmp (Filesize: 1.6MB)
  • memory/3432-36-0x0000000007F30000-0x000000000800D000-memory.dmp (Filesize: 884KB)
  • memory/3432-37-0x0000000007F30000-0x000000000800D000-memory.dmp (Filesize: 884KB)
  • memory/3432-40-0x0000000007F30000-0x000000000800D000-memory.dmp (Filesize: 884KB)
  • memory/4128-27-0x0000000000520000-0x0000000000547000-memory.dmp (Filesize: 156KB)
  • memory/4128-28-0x00000000007D0000-0x00000000007F9000-memory.dmp (Filesize: 164KB)
  • memory/4128-29-0x0000000002A90000-0x0000000002DDA000-memory.dmp (Filesize: 3.3MB)
  • memory/4128-26-0x0000000000520000-0x0000000000547000-memory.dmp (Filesize: 156KB)
  • memory/4128-30-0x00000000007D0000-0x00000000007F9000-memory.dmp (Filesize: 164KB)
  • memory/4128-31-0x00000000029A0000-0x0000000002A30000-memory.dmp (Filesize: 576KB)