Analysis

  • max time kernel
    142s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09-01-2024 15:06

General

  • Target

    4e9f07d7dfae59dbb82423b7b3cd83ae.exe

  • Size

    1.9MB

  • MD5

    4e9f07d7dfae59dbb82423b7b3cd83ae

  • SHA1

    511f1f7278b875aa911a97f0b62200936767e0b9

  • SHA256

    cedf35105c626bd6cb9dcb248836f794e79cfa396f9e7189dda0180c67833d61

  • SHA512

    d42aa429ac09ed2cb14ca4ad8ac2b92723f23883c99a749becccc2e0740ef3c8cc72c58a63dba4dab1327ed2a87ed09908c1195a0f2019c751219b26a3e1768a

  • SSDEEP

    49152:Qoa1taC070dN1LG4hOmgEiOO0IBAOP+bdU5I4OW4R:Qoa1taC0HAOm608AOP+ZU5Vj4R

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4e9f07d7dfae59dbb82423b7b3cd83ae.exe
    "C:\Users\Admin\AppData\Local\Temp\4e9f07d7dfae59dbb82423b7b3cd83ae.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2808
    • C:\Users\Admin\AppData\Local\Temp\4DD2.tmp
      "C:\Users\Admin\AppData\Local\Temp\4DD2.tmp" --splashC:\Users\Admin\AppData\Local\Temp\4e9f07d7dfae59dbb82423b7b3cd83ae.exe 230B42D19479846BFE72564BE8D378F1250A22F69AD3FF192B3EC1739FFF39DC8124DEF862F7A2C0F0A453D24971A746561DDBAEB5C258D5E562D4CF2680010E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4360

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\4DD2.tmp

    Filesize

    92KB

    MD5

    6e1ade04ace562019dbec7c80c9e402e

    SHA1

    04916d71593e6767c16b8a3dc34fc62557dc474e

    SHA256

    2c28bfbad146c1ee725595e00c7e1230f737265ad3801a01c220d16a0d0e9f35

    SHA512

    f03d1cb741a8f4a928201ac9d15038f234a5cd71a890c7001e5b9a19503149995c7686be9e9d19ccbe5757d752bfe541a60f819382b8aa579e3564c6c140ba38

  • memory/2808-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

  • memory/4360-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB