515e935de3fd118b23c5ccfacd9afbb7aa5da65bacdcc758327869187a45834e

Analysis

max time kernel
172s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2024 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4159a4f81fa9344c38ce28aed749ffe3.exe
Size

705KB
MD5

4159a4f81fa9344c38ce28aed749ffe3
SHA1

b47ae8ebea19df4005d82f7f4910283bccd5b155
SHA256

515e935de3fd118b23c5ccfacd9afbb7aa5da65bacdcc758327869187a45834e
SHA512

ed7c1bfafb16e422c1aceaac2242f0ea34c60c107cefb45afb18630ba32485f9ca73594fc3790f849108c1151e44e3ffc31fc51ab05d5b95b8a7cd47f4d62184
SSDEEP

12288:5na9TiSfSUVav4CZXfGswyOWZc8k+fAFgh1fsgVoJtcvS38LCJQBtdGs1rBLsJ:5nahr9VagC56/tjeV0kS3rJQBtUkBgJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1720	4159a4f81fa9344c38ce28aed749ffe3.tmp

Loads dropped DLL 3 IoCs

pid	Process
1720	4159a4f81fa9344c38ce28aed749ffe3.tmp
1720	4159a4f81fa9344c38ce28aed749ffe3.tmp
1720	4159a4f81fa9344c38ce28aed749ffe3.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3780 wrote to memory of 1720	3780	4159a4f81fa9344c38ce28aed749ffe3.exe	88
PID 3780 wrote to memory of 1720	3780	4159a4f81fa9344c38ce28aed749ffe3.exe	88
PID 3780 wrote to memory of 1720	3780	4159a4f81fa9344c38ce28aed749ffe3.exe	88

C:\Users\Admin\AppData\Local\Temp\4159a4f81fa9344c38ce28aed749ffe3.exe
"C:\Users\Admin\AppData\Local\Temp\4159a4f81fa9344c38ce28aed749ffe3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3780
- C:\Users\Admin\AppData\Local\Temp\is-H7L51.tmp\4159a4f81fa9344c38ce28aed749ffe3.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-H7L51.tmp\4159a4f81fa9344c38ce28aed749ffe3.tmp" /SL5="$601E6,398927,54272,C:\Users\Admin\AppData\Local\Temp\4159a4f81fa9344c38ce28aed749ffe3.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-ALDRF.tmp\Games.inf

Filesize
242B

MD5
9b883b600cb364eeae65d24604d7497b

SHA1
af9b77c603b2dd67c44a5a68d670beb413ceff2f

SHA256
6a4fd89b2b1949f852f66494577e9113c5725f263e9709fff6d6774a2d05efc2

SHA512
ef1440655a24fe09936b46eb45284d98033a487f1a840732c51c377d04eb7dd4cb06bcf396fe546571fc531860a0520069034e38be37ff6bad5809efbd4ebe13

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-ALDRF.tmp\isxdl.dll

Filesize
49KB

MD5
02ecc74f7f91e9ffd84de708683236a6

SHA1
3532de0b77df8b0fc89e9c7eddec3fa71f98f5a2

SHA256
30ad8a0e1cee091ca48c771adb2e76baf1a7d54b9f60dc47f54dfdc2d6f6691e

SHA512
a3fdaa651f82428395bc412a2a04fce673768d3ef088b3748addf337d95464eb141ae7c286bff5c705eae05dd7b38207629588ae7e89ada15269463cd7acf541

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-ALDRF.tmp\itdownload.dll

Filesize
200KB

MD5
d82a429efd885ca0f324dd92afb6b7b8

SHA1
86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea

SHA256
b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3

SHA512
5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-H7L51.tmp\4159a4f81fa9344c38ce28aed749ffe3.tmp

Filesize
559KB

MD5
12ca8c36b3ef659138e4b89639017b29

SHA1
2555e99744b6bf3ff0f2c84394e427d18f185883

SHA256
7be46541472229e21cc16febe5b0f8bde91e9242ab5c1a5cd8b0985d1838ea46

SHA512
d38573401e08491c2f921a7574a99adeba887635418be444fa20e354533ce29411b70c0e5623315b4e8afd25c01b1b6fcf21d9d3ddfb32e6f0082d6e9c7cd137

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-H7L51.tmp\4159a4f81fa9344c38ce28aed749ffe3.tmp

Filesize
246KB

MD5
9f20010e78a067de3a1c47a8a05f297c

SHA1
ba8f368dc233afb643ff355f79babe490d49e4ce

SHA256
383be3764dd5b7e731eef0f1190cbb149cbb33b088e020643d1877b132f6d9f9

SHA512
930c130acd1c9a3bf93e937a16a7ad652c623d61472bf3999cd2ac60aeddb880e5c9498d40f68dba719aca403bca2b8f06eb95213fdd7da9b03a4d63f229c94c

Download Submit
memory/1720-17-0x00000000032A0000-0x00000000032DC000-memory.dmp

Filesize
240KB

Download
memory/1720-7-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/1720-37-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1720-38-0x00000000032A0000-0x00000000032DC000-memory.dmp

Filesize
240KB

Download
memory/1720-42-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/3780-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3780-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3780-36-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads