Analysis

  • max time kernel
    145s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    08/01/2024, 04:13

General

  • Target

    Patch_Activation-Harmony_21_Search-&.exe

  • Size

    6.5MB

  • MD5

    f5bee32d5afbbfb80d0c81e0a0504aa8

  • SHA1

    49692825b07e7c738663c5ef164537a8564cdc1d

  • SHA256

    5770b33814538e95d557ffec815b7f25d550bebd52e2504fd3c7f93aa3e06e06

  • SHA512

    c6e4298d8950d09b86786a8ceac6cd3449d7ac5301c30f276e66044163bad984e2e0184ddc0235ae34a6d3821ede28129fe1808d55091251815cd974c051b0d2

  • SSDEEP

    196608:Q3Jnr3ep3+MmWx+fywJ0UCtxtg71zb6/Qoz22k:Q323FXMvfCtxta1z6XCF

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Patch_Activation-Harmony_21_Search-&.exe
    "C:\Users\Admin\AppData\Local\Temp\Patch_Activation-Harmony_21_Search-&.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3480
    • C:\Users\Admin\AppData\Local\Temp\is-5969T.tmp\Patch_Activation-Harmony_21_Search-&.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-5969T.tmp\Patch_Activation-Harmony_21_Search-&.tmp" /SL5="$501E0,6355818,111616,C:\Users\Admin\AppData\Local\Temp\Patch_Activation-Harmony_21_Search-&.exe"
      2⤵
      • Executes dropped EXE
      PID:1488

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-5969T.tmp\Patch_Activation-Harmony_21_Search-&.tmp

          Filesize

          754KB

          MD5

          d8467ca1f529c6c6decb1b82dbaed1df

          SHA1

          a4a21c366a4f4331e13bada80682a117c9d17be2

          SHA256

          d12e8487b5941b9552e2ad2f742938cff407cb80825ad4dbb1b54de2c706ce81

          SHA512

          03a519849743a7f71ae2974b4d5d08ceba8555f06ff8c64a4a99749bbef99d59f40effc34f3f8afbb56d8370c1171a5f5ba5de4d0ca830bfb28b16c5e6956257

        • memory/1488-6-0x0000000002210000-0x0000000002211000-memory.dmp

          Filesize

          4KB

        • memory/1488-9-0x0000000000400000-0x00000000004CC000-memory.dmp

          Filesize

          816KB

        • memory/1488-12-0x0000000002210000-0x0000000002211000-memory.dmp

          Filesize

          4KB

        • memory/1488-18-0x0000000000400000-0x00000000004CC000-memory.dmp

          Filesize

          816KB

        • memory/3480-1-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

        • memory/3480-8-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB