Analysis
-
max time kernel
145s -
max time network
161s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
31-12-2023 04:20
General
-
Target
27e8e1952868f69edc14395219a91a8f.exe
-
Size
64KB
-
MD5
27e8e1952868f69edc14395219a91a8f
-
SHA1
ee328dc355246591588b417a5416680f22c83a7e
-
SHA256
88bff02695c2a22e1f1768f86241d6a74797aaa5a37bcaa48c79d891eebb0c08
-
SHA512
a4aed9b065d047fc62927fa4d3a4149cd0ba5ed480efd34ffc3f70721c026a68939aa06e65dcd984b4861a7b5eb6d91a5e8a0b6479293c75bb904e232d785ee3
-
SSDEEP
1536:k7SowfMGR8SZn6pB7Yp2sUUUYNOHwSQvBnhYK//5dh:kiFRXZ6n8bCYoHP6hYKZdh
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\27e8e1952868f69edc14395219a91a8f.exe"C:\Users\Admin\AppData\Local\Temp\27e8e1952868f69edc14395219a91a8f.exe"1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\nkdkjuze\vclinglk.exeC:\ProgramData\nkdkjuze\vclinglk.exe2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exe/c del /f C:\Users\Admin\AppData\Local\Temp\27E8E1~1.EXE.bak >> NUL2⤵
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD527e8e1952868f69edc14395219a91a8f
SHA1ee328dc355246591588b417a5416680f22c83a7e
SHA25688bff02695c2a22e1f1768f86241d6a74797aaa5a37bcaa48c79d891eebb0c08
SHA512a4aed9b065d047fc62927fa4d3a4149cd0ba5ed480efd34ffc3f70721c026a68939aa06e65dcd984b4861a7b5eb6d91a5e8a0b6479293c75bb904e232d785ee3