b4afc301cbfc74b70e31244ee42a7c48971cc993be9c30b9b240f9588d84ccfc

Analysis

max time kernel
141s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41a1fa2ed1ec9b5ecac081092a4b1748.exe
Size

1.7MB
MD5

41a1fa2ed1ec9b5ecac081092a4b1748
SHA1

41279b512dcc54bb408714abb94bd2bcaa36fb8f
SHA256

b4afc301cbfc74b70e31244ee42a7c48971cc993be9c30b9b240f9588d84ccfc
SHA512

cc1015d951854a25359ab3794809610ca70af3d15b08df2bc55e072e50616e7594d9ce21b979312c2d4cbeceb40d9efe342d7823b3802fac4dea7a3dd9a412b4
SSDEEP

49152:5aIqFA59OlcRkhFT+9tHwKogJwrs/ninXBgJ:QIxbOliTus6RgJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
800	41a1fa2ed1ec9b5ecac081092a4b1748.tmp

Loads dropped DLL 1 IoCs

pid	Process
800	41a1fa2ed1ec9b5ecac081092a4b1748.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 988 wrote to memory of 800	988	41a1fa2ed1ec9b5ecac081092a4b1748.exe	89
PID 988 wrote to memory of 800	988	41a1fa2ed1ec9b5ecac081092a4b1748.exe	89
PID 988 wrote to memory of 800	988	41a1fa2ed1ec9b5ecac081092a4b1748.exe	89

C:\Users\Admin\AppData\Local\Temp\41a1fa2ed1ec9b5ecac081092a4b1748.exe
"C:\Users\Admin\AppData\Local\Temp\41a1fa2ed1ec9b5ecac081092a4b1748.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:988
- C:\Users\Admin\AppData\Local\Temp\is-9NK7N.tmp\41a1fa2ed1ec9b5ecac081092a4b1748.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-9NK7N.tmp\41a1fa2ed1ec9b5ecac081092a4b1748.tmp" /SL5="$10006A,1461385,54272,C:\Users\Admin\AppData\Local\Temp\41a1fa2ed1ec9b5ecac081092a4b1748.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-9NK7N.tmp\41a1fa2ed1ec9b5ecac081092a4b1748.tmp

Filesize
688KB

MD5
c765336f0dcf4efdcc2101eed67cd30c

SHA1
fa0279f59738c5aa3b6b20106e109ccd77f895a7

SHA256
c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

SHA512
06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NACJ4.tmp\Games.inf

Filesize
228B

MD5
b9e568436ff2d59f4fb16fa02e225cc9

SHA1
5fbb8f450e5b0e20ce887d6ce43eafa70fed0b41

SHA256
d087e66c873421c10d204cbde33ceedde8e0237d2036b34b07c32f38ff08bcac

SHA512
eecdf8216b9cae3d62d7278587e63c50a4e708d86415fbe63e79f0819a0b96ba1accd7fc5f55d85f11b0b86aaef88b8c626ab26651e6353daad4b2bf8263afd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NACJ4.tmp\isxdl.dll

Filesize
49KB

MD5
02ecc74f7f91e9ffd84de708683236a6

SHA1
3532de0b77df8b0fc89e9c7eddec3fa71f98f5a2

SHA256
30ad8a0e1cee091ca48c771adb2e76baf1a7d54b9f60dc47f54dfdc2d6f6691e

SHA512
a3fdaa651f82428395bc412a2a04fce673768d3ef088b3748addf337d95464eb141ae7c286bff5c705eae05dd7b38207629588ae7e89ada15269463cd7acf541

Download Submit
memory/800-7-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/800-35-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/800-38-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/988-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/988-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/988-34-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads