047169f37791e7baa9832ddbae57f219497b91d9572625da764f64080c81d904

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 03:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d3cca6e528e9c426d7fe8a7afa78fb9.exe
Size

1.1MB
MD5

0d3cca6e528e9c426d7fe8a7afa78fb9
SHA1

7e58cdf2ce4aa2099636bc4b61ca245a2e60c819
SHA256

047169f37791e7baa9832ddbae57f219497b91d9572625da764f64080c81d904
SHA512

e3aee07bbfe2247f5a873bee5467bedfaca865f2d50664380e67f090402de7402fbbc65ea11a408107da275dac36cc9d3506913c4214b71e9a712706baf45f6b
SSDEEP

24576:9xGuue4h7DgKkUxafK8wYOBIDRftyrEEWOZJzEsjvCBHlhEakO:WjoKkUxWvABIDRfty1WozD2

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1196	0d3cca6e528e9c426d7fe8a7afa78fb9.tmp

Loads dropped DLL 1 IoCs

pid	Process
1196	0d3cca6e528e9c426d7fe8a7afa78fb9.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	4	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1604 wrote to memory of 1196	1604	0d3cca6e528e9c426d7fe8a7afa78fb9.exe	90
PID 1604 wrote to memory of 1196	1604	0d3cca6e528e9c426d7fe8a7afa78fb9.exe	90
PID 1604 wrote to memory of 1196	1604	0d3cca6e528e9c426d7fe8a7afa78fb9.exe	90

C:\Users\Admin\AppData\Local\Temp\0d3cca6e528e9c426d7fe8a7afa78fb9.exe
"C:\Users\Admin\AppData\Local\Temp\0d3cca6e528e9c426d7fe8a7afa78fb9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1604
- C:\Users\Admin\AppData\Local\Temp\is-G2QGM.tmp\0d3cca6e528e9c426d7fe8a7afa78fb9.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-G2QGM.tmp\0d3cca6e528e9c426d7fe8a7afa78fb9.tmp" /SL5="$401CA,690695,139776,C:\Users\Admin\AppData\Local\Temp\0d3cca6e528e9c426d7fe8a7afa78fb9.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-A70UK.tmp\InstallerExtensions.dll

Filesize
109KB

MD5
6fc8364ed78722c8c6809540fe50e504

SHA1
60fcf14585f15d021b31aeea9e6970dc025dcb62

SHA256
dd5bfb8269fa0f131c6b4c79881a54742c3ec47d1c8abc5b4091d4e8133fba71

SHA512
9690f880da44102fb49c2b5cb74fea4fa2d4f181a9b72f56792b1bb3db68eade3fef3d46f65088aa968647719cc9728748c2fe090bfbc9d541cf4663830dfadc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-G2QGM.tmp\0d3cca6e528e9c426d7fe8a7afa78fb9.tmp

Filesize
382KB

MD5
03b30e17705729b3d5eedfb4e3fb5684

SHA1
4f69b99abb5afafce31d42a538d0885fe16dab24

SHA256
6acf8a4dada2f6c0b3fe5e41168b08b2b428ea7222aa889410925af7e060a584

SHA512
8cf90fd4bcf4c12a84f0b1e56d16b77e27efa93ee9606b70a678711ab1d2ac71724abdc0e3c551d2970451c9169ec44eebbf9c3a94b3c015b034a456e3624aad

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-G2QGM.tmp\0d3cca6e528e9c426d7fe8a7afa78fb9.tmp

Filesize
93KB

MD5
139909024d73359c52e2f2041c3ba7a5

SHA1
ae0fe8502752279ec5ed19146875ddc1ae6e473b

SHA256
d9675fa1665eed8af7861708c52624fee4a0c838b6bcbe904a6b233a08334234

SHA512
3c90cc58d6edec704e305c54ddd95a0033a1b6b8f00a0e4075c3b8fac6d31549367468ac4ab0c6529acf7f8e724d1996d9bb07032fa7cd64c324a8437bc0672b

Download Submit
memory/1196-7-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1196-21-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/1604-0-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1604-2-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1604-22-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download