d47dc46323604c7164ea6c7ddff3b5ab4da9270ed0a5161c1cfaafbd02da4d6a

Analysis

max time kernel
5s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 13:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a8894a8f3878409a159a4db60910ae8.exe
Size

214KB
MD5

1a8894a8f3878409a159a4db60910ae8
SHA1

65442414f42389a50a433fd52e3d86d7183f3202
SHA256

d47dc46323604c7164ea6c7ddff3b5ab4da9270ed0a5161c1cfaafbd02da4d6a
SHA512

e7e5c6d777f2d924571b8510a499e1fc7cd66a349d49658b9acc12044e5775221e4a32678fde9e2a047d392aa960db30587f3ba62bb3038e44a704e17196a733
SSDEEP

3072:vEoB+tB6/X1zqoHLsnEtf/pp3qmv1JJGd/AYKW1qW:AvYWSLzf/pp6mv70L1q

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5028	msa.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job	1a8894a8f3878409a159a4db60910ae8.exe
File opened for modification	C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job	1a8894a8f3878409a159a4db60910ae8.exe
File created	C:\Windows\msa.exe	1a8894a8f3878409a159a4db60910ae8.exe
File opened for modification	C:\Windows\msa.exe	1a8894a8f3878409a159a4db60910ae8.exe
File created	C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job	msa.exe
File opened for modification	C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job	msa.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2100	1a8894a8f3878409a159a4db60910ae8.exe
2100	1a8894a8f3878409a159a4db60910ae8.exe
5028	msa.exe
5028	msa.exe
5028	msa.exe
5028	msa.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 5028	2100	1a8894a8f3878409a159a4db60910ae8.exe	63
PID 2100 wrote to memory of 5028	2100	1a8894a8f3878409a159a4db60910ae8.exe	63
PID 2100 wrote to memory of 5028	2100	1a8894a8f3878409a159a4db60910ae8.exe	63

C:\Users\Admin\AppData\Local\Temp\1a8894a8f3878409a159a4db60910ae8.exe
"C:\Users\Admin\AppData\Local\Temp\1a8894a8f3878409a159a4db60910ae8.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\msa.exe
  C:\Windows\msa.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2100-30134-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/2100-0-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/2100-18805-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/5028-130411-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/5028-43029-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/5028-53800-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/5028-66139-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/5028-98248-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/5028-18807-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/5028-130413-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/5028-130414-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/5028-130415-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/5028-130416-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/5028-130417-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/5028-130418-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/5028-130419-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download