Analysis
- max time kernel: 142s
- max time network: 127s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09-01-2024 15:06
Static task: static1
Behavioral task: behavioral1
  Sample: 4e9f07d7dfae59dbb82423b7b3cd83ae.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 4e9f07d7dfae59dbb82423b7b3cd83ae.exe
  Resource: win10v2004-20231215-en
General
- Target: 4e9f07d7dfae59dbb82423b7b3cd83ae.exe
- Size: 1.9MB
- MD5: 4e9f07d7dfae59dbb82423b7b3cd83ae
- SHA1: 511f1f7278b875aa911a97f0b62200936767e0b9
- SHA256: cedf35105c626bd6cb9dcb248836f794e79cfa396f9e7189dda0180c67833d61
- SHA512: d42aa429ac09ed2cb14ca4ad8ac2b92723f23883c99a749becccc2e0740ef3c8cc72c58a63dba4dab1327ed2a87ed09908c1195a0f2019c751219b26a3e1768a
- SSDEEP: 49152:Qoa1taC070dN1LG4hOmgEiOO0IBAOP+bdU5I4OW4R:Qoa1taC0HAOm608AOP+ZU5Vj4R
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid: 4360, process: 4DD2.tmp
- Executes dropped EXE (1 IoCs)
  pid: 4360, process: 4DD2.tmp
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       | pid  | process                              | procid_target
  PID 2808 wrote to memory of 4360  | 2808 | 4e9f07d7dfae59dbb82423b7b3cd83ae.exe | 93
  PID 2808 wrote to memory of 4360  | 2808 | 4e9f07d7dfae59dbb82423b7b3cd83ae.exe | 93
  PID 2808 wrote to memory of 4360  | 2808 | 4e9f07d7dfae59dbb82423b7b3cd83ae.exe | 93
Processes
1. C:\Users\Admin\AppData\Local\Temp\4e9f07d7dfae59dbb82423b7b3cd83ae.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\4e9f07d7dfae59dbb82423b7b3cd83ae.exe"
   PID: 2808
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\4DD2.tmp
      Command line: "C:\Users\Admin\AppData\Local\Temp\4DD2.tmp" --splash C:\Users\Admin\AppData\Local\Temp\4e9f07d7dfae59dbb82423b7b3cd83ae.exe 230B42D19479846BFE72564BE8D378F1250A22F69AD3FF192B3EC1739FFF39DC8124DEF862F7A2C0F0A453D24971A746561DDBAEB5C258D5E562D4CF2680010E
      PID: 4360
      - Deletes itself
      - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 92KB
  MD5: 6e1ade04ace562019dbec7c80c9e402e
  SHA1: 04916d71593e6767c16b8a3dc34fc62557dc474e
  SHA256: 2c28bfbad146c1ee725595e00c7e1230f737265ad3801a01c220d16a0d0e9f35
  SHA512: f03d1cb741a8f4a928201ac9d15038f234a5cd71a890c7001e5b9a19503149995c7686be9e9d19ccbe5757d752bfe541a60f819382b8aa579e3564c6c140ba38