Analysis
max time kernel
176s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags
arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted
06-01-2024 03:45
Static task
static1
Behavioral task
behavioral1
Sample
4532268de407e274db6a5ec3792e0a6c.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4532268de407e274db6a5ec3792e0a6c.exe
Resource
win10v2004-20231215-en
General
Target
4532268de407e274db6a5ec3792e0a6c.exe
Size
1.9MB
MD5
4532268de407e274db6a5ec3792e0a6c
SHA1
e431e9a9e08f2dfcfc8768a5e73f1e6057f555f4
SHA256
ed7f82a73d8b43a9e5042bb5ca6880ec7fd6923f6d135b7363e627e6a02461f5
SHA512
59bd251a050c652d17d62157f86130b99e1c543bdd63936d87c54800cfd64ce647a7cc03b02a8da9c062720860341f42fb37e63e0c9d9ef86390def0bc435da4
SSDEEP
49152:Qoa1taC070dvxjwjrlYq+OFMlK3wkrktfaktKxKc6e+8vQ9:Qoa1taC0OJwj+q+OFMlK3UtfajxKm3v+
Malware Config
Signatures
Deletes itself (1 IoC)
pid 3220, process 3B10.tmp
Executes dropped EXE (1 IoC)
pid 3220, process 3B10.tmp
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | process | procid_target
PID 2460 wrote to memory of 3220 | 2460 | 4532268de407e274db6a5ec3792e0a6c.exe | 93
PID 2460 wrote to memory of 3220 | 2460 | 4532268de407e274db6a5ec3792e0a6c.exe | 93
PID 2460 wrote to memory of 3220 | 2460 | 4532268de407e274db6a5ec3792e0a6c.exe | 93
(All three IoCs are writes from the sample, PID 2460, into the dropped 3B10.tmp, PID 3220: one target, three calls.)
Processes
Depth 1: C:\Users\Admin\AppData\Local\Temp\4532268de407e274db6a5ec3792e0a6c.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\4532268de407e274db6a5ec3792e0a6c.exe"
    PID: 2460
    Signatures: Suspicious use of WriteProcessMemory
Depth 2 (child of PID 2460): C:\Users\Admin\AppData\Local\Temp\3B10.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\3B10.tmp" --splash C:\Users\Admin\AppData\Local\Temp\4532268de407e274db6a5ec3792e0a6c.exe 787601E2C0D94D898BA4452E248BB5388D996A71E81125A9F2F5D27E906E3E751FA943079D5A5BA99D3FC4845593D80A4F10F56B71064E1FE8285C4D5BFBC7B6
    PID: 3220
    Signatures: Deletes itself, Executes dropped EXE
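The chain recorded above (a Temp-resident sample spawning a Temp-resident .tmp, passing its own path on the command line, then writing into the child's memory three times) is the kind of relationship an analyst wants to pull out of a report like this programmatically. The following is an added example, not the sandbox's own code or output format: it parses the WriteProcessMemory IoC rows exactly as printed on this page, models the two processes from the tree above as constructed records (field names pid, ppid, image, args and signatures are my own), and flags a child that lives under the per-user Temp directory, was spawned by a Temp-resident parent, and received WriteProcessMemory calls from that parent. The Temp-path test is a path-string heuristic, also an assumption of this example.

```python
"""Structure the WriteProcessMemory IoCs and process tree from the report.

Added example for this page; not the sandbox's code. The records below are
constructed from the values shown in the report.
"""
import ntpath
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# One IoC row reads: "PID <a> wrote to memory of <b> <a> <image> <procid_target>".
# The backreference (?P=pid) enforces that the row's pid column repeats <a>.
WPM_RE = re.compile(
    r"PID (?P<pid>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P=pid) (?P<image>\S+) (?P<procid_target>\d+)"
)

# Constructed from the report: three identical rows for the same writer/target.
WPM_LINES = [
    "PID 2460 wrote to memory of 3220 2460 4532268de407e274db6a5ec3792e0a6c.exe 93",
] * 3


@dataclass
class Proc:
    """One node of the process tree (field names are this example's own)."""
    pid: int
    ppid: Optional[int]
    image: str
    args: List[str] = field(default_factory=list)
    signatures: List[str] = field(default_factory=list)


# Constructed from the report's process tree: the sample at depth 1 spawns
# 3B10.tmp at depth 2 with "--splash", its own path and a hex blob as arguments.
PROCS = [
    Proc(2460, None,
         r"C:\Users\Admin\AppData\Local\Temp\4532268de407e274db6a5ec3792e0a6c.exe",
         [], ["Suspicious use of WriteProcessMemory"]),
    Proc(3220, 2460,
         r"C:\Users\Admin\AppData\Local\Temp\3B10.tmp",
         ["--splash",
          r"C:\Users\Admin\AppData\Local\Temp\4532268de407e274db6a5ec3792e0a6c.exe",
          "787601E2C0D94D898BA4452E248BB5388D996A71E81125A9F2F5D27E906E3E75"
          "1FA943079D5A5BA99D3FC4845593D80A4F10F56B71064E1FE8285C4D5BFBC7B6"],
         ["Deletes itself", "Executes dropped EXE"]),
]


def parse_wpm(lines):
    """Return (pid, target, image, procid_target) per well-formed IoC row; skip the rest."""
    out = []
    for line in lines:
        m = WPM_RE.fullmatch(line.strip())
        if m:
            out.append((int(m["pid"]), int(m["target"]), m["image"], int(m["procid_target"])))
    return out


def wpm_edges(lines):
    """Collapse repeated rows into distinct writer->target pairs with a call count.

    The report's "3 IoCs" are three calls into one child, not three children.
    """
    return Counter((pid, target) for pid, target, _, _ in parse_wpm(lines))


def in_user_temp(path):
    """Heuristic: path is under a per-user AppData\\Local\\Temp directory."""
    return "\\appdata\\local\\temp\\" in ntpath.normcase(path)


def find_temp_dropper_chains(procs, wpm_lines):
    """Flag each Temp-resident child that its Temp-resident parent wrote into."""
    by_pid = {p.pid: p for p in procs}
    edges = wpm_edges(wpm_lines)
    findings = []
    for child in procs:
        parent = by_pid.get(child.ppid)
        if parent is None or not (in_user_temp(parent.image) and in_user_temp(child.image)):
            continue
        writes = edges.get((parent.pid, child.pid), 0)
        if writes == 0:
            continue
        findings.append({
            "parent_pid": parent.pid,
            "child_pid": child.pid,
            "child_image": ntpath.basename(child.image),
            "child_ext": ntpath.splitext(child.image)[1].lower(),
            "wpm_calls": writes,
            "parent_path_in_child_args": parent.image in child.args,
            "child_signatures": list(child.signatures),
        })
    return findings


if __name__ == "__main__":
    for finding in find_temp_dropper_chains(PROCS, WPM_LINES):
        print(finding)
```

Run it as a script to print the single finding for this report: parent 2460, child 3220 (3B10.tmp), three WriteProcessMemory calls, parent path present in the child's arguments, and the child carrying the "Deletes itself" and "Executes dropped EXE" signatures. The regex is deliberately strict (fullmatch, repeated pid), so a row from a differently laid-out report is dropped rather than misparsed.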
-
Network
MITRE ATT&CK Matrix
Downloads
Filesize
42KB
MD5
5dd39f8e99b6acb565b0faee78f6f32b
SHA1
6e10709a81b82eb265dd0f7b7d5dcf8b0b2741da
SHA256
67c4c2c1ff8345fb723e8d3e6859bfb7edeb518dcbabec2c19aadfe2e8d5bc1a
SHA512
33c885d8ba0cdebe1b2471dfa583c1768427edba746d3cd637a2a2a90f6a29bac1b35a86b2c17bdca7cb4b40b238bc15b7b3eb9f5a6527657ada98b7b0827ea9