b4afc301cbfc74b70e31244ee42a7c48971cc993be9c30b9b240f9588d84ccfc

Analysis

max time kernel
142s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41a1fa2ed1ec9b5ecac081092a4b1748.exe
Size

1.7MB
MD5

41a1fa2ed1ec9b5ecac081092a4b1748
SHA1

41279b512dcc54bb408714abb94bd2bcaa36fb8f
SHA256

b4afc301cbfc74b70e31244ee42a7c48971cc993be9c30b9b240f9588d84ccfc
SHA512

cc1015d951854a25359ab3794809610ca70af3d15b08df2bc55e072e50616e7594d9ce21b979312c2d4cbeceb40d9efe342d7823b3802fac4dea7a3dd9a412b4
SSDEEP

49152:5aIqFA59OlcRkhFT+9tHwKogJwrs/ninXBgJ:QIxbOliTus6RgJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2692	41a1fa2ed1ec9b5ecac081092a4b1748.tmp

Loads dropped DLL 4 IoCs

pid	Process
2076	41a1fa2ed1ec9b5ecac081092a4b1748.exe
2692	41a1fa2ed1ec9b5ecac081092a4b1748.tmp
2692	41a1fa2ed1ec9b5ecac081092a4b1748.tmp
2692	41a1fa2ed1ec9b5ecac081092a4b1748.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2692	41a1fa2ed1ec9b5ecac081092a4b1748.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2692	2076	41a1fa2ed1ec9b5ecac081092a4b1748.exe	28
PID 2076 wrote to memory of 2692	2076	41a1fa2ed1ec9b5ecac081092a4b1748.exe	28
PID 2076 wrote to memory of 2692	2076	41a1fa2ed1ec9b5ecac081092a4b1748.exe	28
PID 2076 wrote to memory of 2692	2076	41a1fa2ed1ec9b5ecac081092a4b1748.exe	28
PID 2076 wrote to memory of 2692	2076	41a1fa2ed1ec9b5ecac081092a4b1748.exe	28
PID 2076 wrote to memory of 2692	2076	41a1fa2ed1ec9b5ecac081092a4b1748.exe	28
PID 2076 wrote to memory of 2692	2076	41a1fa2ed1ec9b5ecac081092a4b1748.exe	28

C:\Users\Admin\AppData\Local\Temp\41a1fa2ed1ec9b5ecac081092a4b1748.exe
"C:\Users\Admin\AppData\Local\Temp\41a1fa2ed1ec9b5ecac081092a4b1748.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Users\Admin\AppData\Local\Temp\is-L74IN.tmp\41a1fa2ed1ec9b5ecac081092a4b1748.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-L74IN.tmp\41a1fa2ed1ec9b5ecac081092a4b1748.tmp" /SL5="$80152,1461385,54272,C:\Users\Admin\AppData\Local\Temp\41a1fa2ed1ec9b5ecac081092a4b1748.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-KO1AK.tmp\Games.inf

Filesize
228B

MD5
b9e568436ff2d59f4fb16fa02e225cc9

SHA1
5fbb8f450e5b0e20ce887d6ce43eafa70fed0b41

SHA256
d087e66c873421c10d204cbde33ceedde8e0237d2036b34b07c32f38ff08bcac

SHA512
eecdf8216b9cae3d62d7278587e63c50a4e708d86415fbe63e79f0819a0b96ba1accd7fc5f55d85f11b0b86aaef88b8c626ab26651e6353daad4b2bf8263afd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-L74IN.tmp\41a1fa2ed1ec9b5ecac081092a4b1748.tmp

Filesize
594KB

MD5
eb4db4f7bad390caf9ba1e8c57c81387

SHA1
d7e6ec4ad4c187dbcb8a7153ba2798ea99ed79b5

SHA256
819c4242af70baaceb846bfd94802f1d03899f741ab9ebe3a58cc4920381c473

SHA512
0fb917b52d252f17a5cbe42b1c66969309131123d610222ad2c94951ea280cf0f3ec22cff1d1d405b25973aae1b16e9194d6755d2513eb245b508721879e7142

Download Submit
\Users\Admin\AppData\Local\Temp\is-KO1AK.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-KO1AK.tmp\isxdl.dll

Filesize
49KB

MD5
02ecc74f7f91e9ffd84de708683236a6

SHA1
3532de0b77df8b0fc89e9c7eddec3fa71f98f5a2

SHA256
30ad8a0e1cee091ca48c771adb2e76baf1a7d54b9f60dc47f54dfdc2d6f6691e

SHA512
a3fdaa651f82428395bc412a2a04fce673768d3ef088b3748addf337d95464eb141ae7c286bff5c705eae05dd7b38207629588ae7e89ada15269463cd7acf541

Download Submit
\Users\Admin\AppData\Local\Temp\is-L74IN.tmp\41a1fa2ed1ec9b5ecac081092a4b1748.tmp

Filesize
601KB

MD5
4de981f36aa45c4fc273a8bc7a2c05b2

SHA1
462a43602614905329e69e926f8afc9790274107

SHA256
0aad399dd7c77737ac1f9f8b7064b1914c68ca76de0fe8da26a68f2d19106a63

SHA512
2950b34b09cae02cc3099de2690eb715b39ae58915ac75df4d43126dff00d3285aa49d30c2f2b474ed36550f17f2afb55008263bfd1c08c300a708ca06fd249c

Download Submit
memory/2076-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2076-35-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2692-7-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2692-36-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2692-39-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads