Analysis
max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags
arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted
08/01/2024, 03:42
Static task
static1
Behavioral task
behavioral1
Sample
4a58b278ebdd160721a1b09e0106bf6b.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4a58b278ebdd160721a1b09e0106bf6b.exe
Resource
win10v2004-20231222-en
General
Target
4a58b278ebdd160721a1b09e0106bf6b.exe
Size
1.9MB
MD5
4a58b278ebdd160721a1b09e0106bf6b
SHA1
5ba9f243dca1faa77c59ee0b1f6171239d69040a
SHA256
87b238d626db6641bab27b227c56c356ddbdab10e18d8a4d14f1e4d238edd146
SHA512
74792beacc1b4da4c2fcc2614ee47e624e8c8e44f2c5789eae656dbb2ca3431883e6c97249cfd7565f80c4c86af95674f1e89e80f8fddf5708e678aed66c5fb1
SSDEEP
24576:N2oo60HPdt+1CRiY2eOBvcj3u10dfzNwDsbix6OxY8b1huRBXoeRrY2KUNih9WfH:Qoa1taC070dLNN7EY87Sa2KU4j/dXm
Malware Config
Signatures
Deletes itself (1 IoCs)
pid    Process
1692   5822.tmp

Executes dropped EXE (1 IoCs)
pid    Process
1692   5822.tmp

Suspicious use of WriteProcessMemory (3 IoCs)
description                          pid    Process                                 procid_target
PID 2996 wrote to memory of 1692     2996   4a58b278ebdd160721a1b09e0106bf6b.exe    91
PID 2996 wrote to memory of 1692     2996   4a58b278ebdd160721a1b09e0106bf6b.exe    91
PID 2996 wrote to memory of 1692     2996   4a58b278ebdd160721a1b09e0106bf6b.exe    91
Processes
1. C:\Users\Admin\AppData\Local\Temp\4a58b278ebdd160721a1b09e0106bf6b.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\4a58b278ebdd160721a1b09e0106bf6b.exe"
   PID: 2996
   - Suspicious use of WriteProcessMemory

2. C:\Users\Admin\AppData\Local\Temp\5822.tmp
   Command line: "C:\Users\Admin\AppData\Local\Temp\5822.tmp" --splash C:\Users\Admin\AppData\Local\Temp\4a58b278ebdd160721a1b09e0106bf6b.exe 43E959FA0AD5FB8B88CF7E3F4D4649925C075B66375415AA2FF17E5ECAB84142F5847BF22CE4860D2E36F9F448312BA60B3DAF7B696687BC1514E87B6FD2AE7E
   PID: 1692
   - Deletes itself
   - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
Filesize
316KB
MD5
1d9c62f53e082e274d0002156c1186ff
SHA1
f02b1c2a0b8dd32535dd2a9cf36356cbb8872554
SHA256
5277cc7231fa93b4418f80cf8c2baedfeee0937e2ca9f5508c8e9b46b097be35
SHA512
47f04a1209694263e07153c241e58bbc8efe95810d5682775568fcd7eab5f07b22050d92464d6ec907b685463e07ab98e6da2d80d5dd4b4c414edb1b0567ea71

Filesize
342KB
MD5
3b41ceea7fce06a842974f09525c0827
SHA1
9deac3149a6a74d056d5fc3cd11751d27d3379c0
SHA256
5bce035e4a34f323631d291166299d3abbe93899f2def63a1dd500b36a2fe6a7
SHA512
82cf0ed6da378d1226a40a447147d4f22afbea567ace782e763f3accab2a8f85774e2b62010b3266576bb81dac1946cfda6e7400e054d5fee7b618917f94953a