Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/01/2024, 03:42

General

  • Target

    4a58b278ebdd160721a1b09e0106bf6b.exe

  • Size

    1.9MB

  • MD5

    4a58b278ebdd160721a1b09e0106bf6b

  • SHA1

    5ba9f243dca1faa77c59ee0b1f6171239d69040a

  • SHA256

    87b238d626db6641bab27b227c56c356ddbdab10e18d8a4d14f1e4d238edd146

  • SHA512

    74792beacc1b4da4c2fcc2614ee47e624e8c8e44f2c5789eae656dbb2ca3431883e6c97249cfd7565f80c4c86af95674f1e89e80f8fddf5708e678aed66c5fb1

  • SSDEEP

    24576:N2oo60HPdt+1CRiY2eOBvcj3u10dfzNwDsbix6OxY8b1huRBXoeRrY2KUNih9WfH:Qoa1taC070dLNN7EY87Sa2KU4j/dXm

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a58b278ebdd160721a1b09e0106bf6b.exe
    "C:\Users\Admin\AppData\Local\Temp\4a58b278ebdd160721a1b09e0106bf6b.exe"
    • Suspicious use of WriteProcessMemory
    PID:2996
    • C:\Users\Admin\AppData\Local\Temp\5822.tmp
      "C:\Users\Admin\AppData\Local\Temp\5822.tmp" --splashC:\Users\Admin\AppData\Local\Temp\4a58b278ebdd160721a1b09e0106bf6b.exe 43E959FA0AD5FB8B88CF7E3F4D4649925C075B66375415AA2FF17E5ECAB84142F5847BF22CE4860D2E36F9F448312BA60B3DAF7B696687BC1514E87B6FD2AE7E
      • Deletes itself
      • Executes dropped EXE
      PID:1692

Network

        MITRE ATT&CK Matrix


        Downloads

        • C:\Users\Admin\AppData\Local\Temp\5822.tmp

          Filesize

          316KB

          MD5

          1d9c62f53e082e274d0002156c1186ff

          SHA1

          f02b1c2a0b8dd32535dd2a9cf36356cbb8872554

          SHA256

          5277cc7231fa93b4418f80cf8c2baedfeee0937e2ca9f5508c8e9b46b097be35

          SHA512

          47f04a1209694263e07153c241e58bbc8efe95810d5682775568fcd7eab5f07b22050d92464d6ec907b685463e07ab98e6da2d80d5dd4b4c414edb1b0567ea71

        • C:\Users\Admin\AppData\Local\Temp\5822.tmp

          Filesize

          342KB

          MD5

          3b41ceea7fce06a842974f09525c0827

          SHA1

          9deac3149a6a74d056d5fc3cd11751d27d3379c0

          SHA256

          5bce035e4a34f323631d291166299d3abbe93899f2def63a1dd500b36a2fe6a7

          SHA512

          82cf0ed6da378d1226a40a447147d4f22afbea567ace782e763f3accab2a8f85774e2b62010b3266576bb81dac1946cfda6e7400e054d5fee7b618917f94953a

        • memory/1692-5-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB

        • memory/2996-0-0x0000000000400000-0x00000000005E6000-memory.dmp

          Filesize

          1.9MB