4381f2c70c0345bd6899a85a786feed995ec5a4c9e803d90157889228be2eda0 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 04:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0e81ce4a16d3952f60c47708cfe23cbe.exe
Size

1.9MB
MD5

0e81ce4a16d3952f60c47708cfe23cbe
SHA1

84b2bc04f497a9f7a9f2b49d19f881d6b82241b7
SHA256

4381f2c70c0345bd6899a85a786feed995ec5a4c9e803d90157889228be2eda0
SHA512

3d41b4189e75c84bb4a79003b1c8b28012aa36c3b16722aa2ef82515f12df807f9f24101c0da21b5e449921316d345e44e25f79c041e2bd4aa42848527e4f50e
SSDEEP

49152:Qoa1taC070dtTLKjpxNPeUlvf/XeEK4MogNiikN:Qoa1taC0cENPeU13fRgLs

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2656	13A0.tmp

Executes dropped EXE 1 IoCs

pid	Process
2656	13A0.tmp

Loads dropped DLL 1 IoCs

pid	Process
2364	0e81ce4a16d3952f60c47708cfe23cbe.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2656	2364	0e81ce4a16d3952f60c47708cfe23cbe.exe	28
PID 2364 wrote to memory of 2656	2364	0e81ce4a16d3952f60c47708cfe23cbe.exe	28
PID 2364 wrote to memory of 2656	2364	0e81ce4a16d3952f60c47708cfe23cbe.exe	28
PID 2364 wrote to memory of 2656	2364	0e81ce4a16d3952f60c47708cfe23cbe.exe	28

C:\Users\Admin\AppData\Local\Temp\0e81ce4a16d3952f60c47708cfe23cbe.exe
"C:\Users\Admin\AppData\Local\Temp\0e81ce4a16d3952f60c47708cfe23cbe.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Users\Admin\AppData\Local\Temp\13A0.tmp
  "C:\Users\Admin\AppData\Local\Temp\13A0.tmp" --splashC:\Users\Admin\AppData\Local\Temp\0e81ce4a16d3952f60c47708cfe23cbe.exe 804154ACEE1ADD91B3AB476B6D2AA94A4DD67BF2962CF778A1D3EF3CDB83363FA707B903D0362824BA649B4C70B77D88D77DD6C205E3B91855651DE2ED400464
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2364-0-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download
memory/2656-6-0x0000000000400000-0x00000000005E6000-memory.dmp

Filesize
1.9MB

Download