ec9adbc911233ae9e6b8503adfea7504a204f92ce520f6023f2967554434801e

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 04:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e420883d2be62142236382baa02afdd.exe
Size

2.1MB
MD5

0e420883d2be62142236382baa02afdd
SHA1

a290b646554445bb7a03f1354d6689aff7322c42
SHA256

ec9adbc911233ae9e6b8503adfea7504a204f92ce520f6023f2967554434801e
SHA512

32bbb8d82f86a77ced61912708c0c3d6d0aa2669306f2d078883fcb43123177c584758a6e5efe34a00b9c2b8e2c38047070201990d25c8d3c0c881f5dfa31bcf
SSDEEP

49152:l75IAQokcJtjvEFRP0jPedDSB37l0LKlsd4Vq66KGPpt5h:95IiNtLOP0Se3pmdHKo5

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2104	0e420883d2be62142236382baa02afdd.tmp

Loads dropped DLL 2 IoCs

pid	Process
1880	0e420883d2be62142236382baa02afdd.exe
2104	0e420883d2be62142236382baa02afdd.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2104	0e420883d2be62142236382baa02afdd.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 2104	1880	0e420883d2be62142236382baa02afdd.exe	28
PID 1880 wrote to memory of 2104	1880	0e420883d2be62142236382baa02afdd.exe	28
PID 1880 wrote to memory of 2104	1880	0e420883d2be62142236382baa02afdd.exe	28
PID 1880 wrote to memory of 2104	1880	0e420883d2be62142236382baa02afdd.exe	28
PID 1880 wrote to memory of 2104	1880	0e420883d2be62142236382baa02afdd.exe	28
PID 1880 wrote to memory of 2104	1880	0e420883d2be62142236382baa02afdd.exe	28
PID 1880 wrote to memory of 2104	1880	0e420883d2be62142236382baa02afdd.exe	28

C:\Users\Admin\AppData\Local\Temp\0e420883d2be62142236382baa02afdd.exe
"C:\Users\Admin\AppData\Local\Temp\0e420883d2be62142236382baa02afdd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Users\Admin\AppData\Local\Temp\is-29N3S.tmp\0e420883d2be62142236382baa02afdd.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-29N3S.tmp\0e420883d2be62142236382baa02afdd.tmp" /SL5="$70124,1914955,57856,C:\Users\Admin\AppData\Local\Temp\0e420883d2be62142236382baa02afdd.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-29N3S.tmp\0e420883d2be62142236382baa02afdd.tmp

Filesize
541KB

MD5
2103b4b30c51fc46c9ba0b693a639ec7

SHA1
323bccb14bfa1bdd7a1a919331b59006ea6f7819

SHA256
7509bda57ceb43bb16ab9eccfddb821959d8b8d6082f22575d62324deaf63c8b

SHA512
31ca7ff906c132966d05e76cbac7a26625c076b3ac5310dbb2e504eb22e09b50812dbd5bf7d6944561646a4511ec3a1fefcddc957b84a5f8ddd9d0b2b1b6442b

Download Submit
\Users\Admin\AppData\Local\Temp\is-29N3S.tmp\0e420883d2be62142236382baa02afdd.tmp

Filesize
697KB

MD5
832dab307e54aa08f4b6cdd9b9720361

SHA1
ebd007fb7482040ecf34339e4bf917209c1018df

SHA256
cc783a04ccbca4edd06564f8ec88fe5a15f1e3bb26cec7de5e090313520d98f3

SHA512
358d43522fd460eb1511708e4df22ea454a95e5bc3c4841931027b5fa3fb1dda05d496d8ad0a8b9279b99e6be74220fe243db8f08ef49845e9fb35c350ef4b49

Download Submit
\Users\Admin\AppData\Local\Temp\is-VQBB9.tmp\itdownload.dll

Filesize
200KB

MD5
d82a429efd885ca0f324dd92afb6b7b8

SHA1
86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea

SHA256
b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3

SHA512
5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df

Download Submit
memory/1880-1-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1880-15-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2104-9-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2104-12-0x00000000005B0000-0x00000000005EC000-memory.dmp

Filesize
240KB

Download
memory/2104-16-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2104-17-0x00000000005B0000-0x00000000005EC000-memory.dmp

Filesize
240KB

Download
memory/2104-20-0x00000000005B0000-0x00000000005EC000-memory.dmp

Filesize
240KB

Download
memory/2104-21-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2104-26-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2104-27-0x00000000005B0000-0x00000000005EC000-memory.dmp

Filesize
240KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads