Analysis

  • max time kernel
    0s
  • max time network
    115s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/01/2024, 08:35

General

  • Target

    3c631b5651a41842151171ee98b155be.exe

  • Size

    75KB

  • MD5

    3c631b5651a41842151171ee98b155be

  • SHA1

    e365837a275b6c79192cd87a3f4c7659987766fb

  • SHA256

    e1fc1bbaf6c3144462068e645b3fdfafcbc3956fc055fbba3e0a2ea2ac11b2ba

  • SHA512

    f86d393c44fdbdc401fbea4e3d5d7482f557d970539e269577554686554b427dfefdbbb8f7fce50b32117b2a7627e3702befe4bd34b95f350e3eb7b13a3e93df

  • SSDEEP

    1536:4MHxqNxd3xtdTfzHyl9X3BJeUjlwYOkJWF3TvIqBNpISL:JHxOdljyj3BJeUjhJWZXHL

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c631b5651a41842151171ee98b155be.exe
    "C:\Users\Admin\AppData\Local\Temp\3c631b5651a41842151171ee98b155be.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4684
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      PID:4244

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4244-12-0x0000000010000000-0x000000001001D000-memory.dmp

    Filesize

    116KB

  • memory/4244-11-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

  • memory/4244-15-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

  • memory/4684-5-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB