Overview

overview

7

Static

static

3

EditPlus_5...SC.exe

windows7-x64

7

EditPlus_5...SC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-01-2024 12:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    EditPlus_5.2.0.2540_x64_SC.exe

  • Size

    2.1MB

  • MD5

    380fe9df1bed8d6c22960036ce3bcf4e

  • SHA1

    b5a51d0fb43807db6e5ae32f47f46c9e9358b98c

  • SHA256

    67c3aafff755ee4e128eb219673ff0f34fea6d706027a2b1a5826bc8645a69b0

  • SHA512

    bc951716ff3a41d4bf9fda86682f328b460f6cdeb3659b87c30c01b8e907ed5989f65c62501391a2ad5f46c6cb8f0b8907b1014c6e8572c17dfc4ded09353fb3

  • SSDEEP

    49152:o75foNd0P2u7q0TGhJfF/MeU8ZE+uJLIymVfObp5bELmJ+5+Jwp9f1okg:Y5foNde2WqamL/X9By0fW5Ry9f13g

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\EditPlus_5.2.0.2540_x64_SC.exe
    "C:\Users\Admin\AppData\Local\Temp\EditPlus_5.2.0.2540_x64_SC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:952
    • C:\Users\Admin\AppData\Local\Temp\is-ORNSF.tmp\EditPlus_5.2.0.2540_x64_SC.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-ORNSF.tmp\EditPlus_5.2.0.2540_x64_SC.tmp" /SL5="$A0220,1941886,54272,C:\Users\Admin\AppData\Local\Temp\EditPlus_5.2.0.2540_x64_SC.exe"
      2⤵
      • Executes dropped EXE
      PID:4644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-ORNSF.tmp\EditPlus_5.2.0.2540_x64_SC.tmp
    Filesize

    693KB

    MD5

    af604435e4fc74e73392d34fa6317706

    SHA1

    316484b5ef1134b2d62db5ad5fd9ed3fc5af556d

    SHA256

    ac4489714608cafe31ee02418ca14022c9cfb1b06e0bd1496104b994492576ef

    SHA512

    c2cc4f8dc96d62386430ff1e20e0395acd266416fe2fd201c8eb105d49241395b136062405c77e2209d8136da9b3d66e944fe2cf27e29f5a9216e791260bd5a1

    Download Submit

  • memory/952-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/952-1-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/952-7-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4644-5-0x00000000006A0000-0x00000000006A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4644-8-0x0000000000400000-0x00000000004BD000-memory.dmp

    Filesize

    756KB

    Download

  • memory/4644-11-0x00000000006A0000-0x00000000006A1000-memory.dmp

    Filesize

    4KB

    Download