9225019bdd9a14f0f4e0488853a34f54576114f6f10946133f93f0758367024c

Analysis

max time kernel
152s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 04:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

283b951dba1be256a514056e2ca5a44f.exe
Size

289KB
MD5

283b951dba1be256a514056e2ca5a44f
SHA1

c6838d78274dd1dec0518e79ff9a811d72edc730
SHA256

9225019bdd9a14f0f4e0488853a34f54576114f6f10946133f93f0758367024c
SHA512

2ec81447e54f2544b605e79cadaa648ceba250101a39ff83a3f948c09bf13ecf7dc64ec377774ac0d18ebc6e5451778967c45674955abdbe56d78495ec105ec1
SSDEEP

6144:1MsYOtd0Nrh0cGq51NMkPpAmYLIF2JfooZVJeWRAo2qc/KW:1j5/0Nl0cGqv62An0Mvx7AoJm

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1108	220A.tmp

Loads dropped DLL 2 IoCs

pid	Process
2544	283b951dba1be256a514056e2ca5a44f.exe
2544	283b951dba1be256a514056e2ca5a44f.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2544	283b951dba1be256a514056e2ca5a44f.exe
2544	283b951dba1be256a514056e2ca5a44f.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 1108	2544	283b951dba1be256a514056e2ca5a44f.exe	93
PID 2544 wrote to memory of 1108	2544	283b951dba1be256a514056e2ca5a44f.exe	93
PID 2544 wrote to memory of 1108	2544	283b951dba1be256a514056e2ca5a44f.exe	93
PID 2544 wrote to memory of 4536	2544	283b951dba1be256a514056e2ca5a44f.exe	94
PID 2544 wrote to memory of 4536	2544	283b951dba1be256a514056e2ca5a44f.exe	94
PID 2544 wrote to memory of 4536	2544	283b951dba1be256a514056e2ca5a44f.exe	94

C:\Users\Admin\AppData\Local\Temp\283b951dba1be256a514056e2ca5a44f.exe
"C:\Users\Admin\AppData\Local\Temp\283b951dba1be256a514056e2ca5a44f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Users\Admin\AppData\Local\Temp\220A.tmp
  C:\Users\Admin\AppData\Local\Temp\220A.tmp
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Users\Admin\AppData\Local\Temp\283b951dba1be256a514056e2ca5a44f.exe
  "C:\Users\Admin\AppData\Local\Temp\283b951dba1be256a514056e2ca5a44f.exe" --cp "C:\Users\Admin\AppData\Local\Temp\221A.tmp"
  2⤵
  PID:4536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\220A.tmp

Filesize
242KB

MD5
6495f1a2e4311741335ff7d1e3983767

SHA1
b3290e1664120a876c278dc7c7fc6d339b819378

SHA256
6b5ab6952e5ddf29ae428411d6dec8a754ef44739839ba44185fb374e92ffb70

SHA512
78439f0b62942d40c68ac52d47c468e5144d8e873645ac93f3c9b8e2ad1bdb295d8a9a2e2fd26b6bfcb7a7aa06a605dcacecc604ef1e53f95bf5f9f59a4acfb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\221A.tmp

Filesize
289KB

MD5
1c4a2f2e21853427d471c45798db829b

SHA1
8460b01a2e5ff09cbb9d42045f4e982f5fcdbff0

SHA256
8b09924fab44fa26eac8ab81100669826ece82a7a32f7a73b7f07d777ec61cab

SHA512
e4949e42f2091a5114140177a4b620d081def75eb0f4a91142c3845c6bb5dd4dd50aada6a470ff564f696d1e023a9d9b76939fb93ea89ac0adc0dcb18b488b99

Download Submit
memory/1108-19-0x0000000000400000-0x000000000043E128-memory.dmp

Filesize
248KB

Download
memory/1108-20-0x00000000001C0000-0x00000000001F9000-memory.dmp

Filesize
228KB

Download
memory/1108-24-0x00000000001C0000-0x00000000001F9000-memory.dmp

Filesize
228KB

Download
memory/2544-0-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2544-1-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2544-2-0x00000000005B0000-0x00000000005FE000-memory.dmp

Filesize
312KB

Download
memory/2544-14-0x00000000005B0000-0x00000000005FE000-memory.dmp

Filesize
312KB

Download
memory/4536-10-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/4536-12-0x0000000002070000-0x0000000002170000-memory.dmp

Filesize
1024KB

Download