Analysis
-
max time kernel
149s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system -
submitted
31/12/2023, 01:52
Static task
static1
Behavioral task
behavioral1
Sample
236e5a537698a863f7cdbbf55b7d07e9.exe
Resource
win7-20231215-en
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
236e5a537698a863f7cdbbf55b7d07e9.exe
Resource
win10v2004-20231222-en
2 signatures
150 seconds
General
-
Target
236e5a537698a863f7cdbbf55b7d07e9.exe
-
Size
3.8MB
-
MD5
236e5a537698a863f7cdbbf55b7d07e9
-
SHA1
3e4836a8c2abdfa090a2ae2b5b95838af7d9553f
-
SHA256
fa87f3493dae78755ce86263010cbae5f0680e9a950ab3470945cebc217b38a4
-
SHA512
4946f511d950c7c087770b2f181c9341bd0d3a1f0ee99bcd62a16c2aa48332b475f4588cfbce2d7cdbb0923272e22848d9241b5cf53a655c419065529e2e77cc
-
SSDEEP
98304:XotohLakqQxZsA1zU7en9DoPnQiQDTtYLBF7ZXsi+Xl+I+AoSRgB:jNaDqJ147uAnQZDpYLB3XjmQpQgB
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid   Process
2932  236e5a537698a863f7cdbbf55b7d07e9.tmp
-
Suspicious use of WriteProcessMemory 3 IoCs
description                       pid   Process                               procid_target
PID 3136 wrote to memory of 2932  3136  236e5a537698a863f7cdbbf55b7d07e9.exe  17
PID 3136 wrote to memory of 2932  3136  236e5a537698a863f7cdbbf55b7d07e9.exe  17
PID 3136 wrote to memory of 2932  3136  236e5a537698a863f7cdbbf55b7d07e9.exe  17
Processes
-
C:\Users\Admin\AppData\Local\Temp\236e5a537698a863f7cdbbf55b7d07e9.exe
"C:\Users\Admin\AppData\Local\Temp\236e5a537698a863f7cdbbf55b7d07e9.exe"
- Suspicious use of WriteProcessMemory
PID:3136
  C:\Users\Admin\AppData\Local\Temp\is-BNRSB.tmp\236e5a537698a863f7cdbbf55b7d07e9.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-BNRSB.tmp\236e5a537698a863f7cdbbf55b7d07e9.tmp" /SL5="$D021C,3741557,54272,C:\Users\Admin\AppData\Local\Temp\236e5a537698a863f7cdbbf55b7d07e9.exe"
  - Executes dropped EXE
  PID:2932