6c5b61df93834a15b005c19d5214594a0fb00cd9f3492f2d29e7d7e1636119e8 | Triage

Analysis

max time kernel
131s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03-01-2024 20:19

Sharing

Report Analysis Logs

General

Target

3efc8b65dc0690a506612811d833239d.exe
Size

873KB
MD5

3efc8b65dc0690a506612811d833239d
SHA1

e5a1353e48f1bd785345846d0fee3b4e1da338a8
SHA256

6c5b61df93834a15b005c19d5214594a0fb00cd9f3492f2d29e7d7e1636119e8
SHA512

67bbd0e62f2113c7733b67a1a5ffd3fffbfe3cf668630789240ab2a1cec50cc8651793d88b8843dc1b49dc8d2245c26f57cd668c408db47362d1f334d3512513
SSDEEP

24576:8aOZyo29f/KdErc8lzhtTQ6WDLZmN1VUZm:8aOZyN9jr9zht1WXZmXiZm

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3484	4ECC.tmp

Executes dropped EXE 1 IoCs

pid	Process
3484	4ECC.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4336 wrote to memory of 3484	4336	3efc8b65dc0690a506612811d833239d.exe	17
PID 4336 wrote to memory of 3484	4336	3efc8b65dc0690a506612811d833239d.exe	17
PID 4336 wrote to memory of 3484	4336	3efc8b65dc0690a506612811d833239d.exe	17

C:\Users\Admin\AppData\Local\Temp\3efc8b65dc0690a506612811d833239d.exe
"C:\Users\Admin\AppData\Local\Temp\3efc8b65dc0690a506612811d833239d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4336
- C:\Users\Admin\AppData\Local\Temp\4ECC.tmp
  "C:\Users\Admin\AppData\Local\Temp\4ECC.tmp"
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:3484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads