30bdd4958bbf8d1366decd44945aa166c45e3fc862b162951a964fc24969bfaa

Analysis

max time kernel
141s
max time network
67s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 22:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

51ccdc20e450c623de8c76ed494336b4.exe
Size

1.9MB
MD5

51ccdc20e450c623de8c76ed494336b4
SHA1

afdaa8e4c039e702b02ce3d44d0988cf87869f86
SHA256

30bdd4958bbf8d1366decd44945aa166c45e3fc862b162951a964fc24969bfaa
SHA512

aced1a3ab10709dfc32f61f0913ca941511d3674e1980f2a8911ccbd88c80e3376e64cb8578320b7d8663adab38b44f3b62cd23e36805a072b2e53a0b5d81a12
SSDEEP

49152:v2oABKC/EkXuq2GEwge9DFT8MMsuZORoaM4jaV:uoABK2EkxExezoZF4M

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3092	51ccdc20e450c623de8c76ed494336b4.tmp

Loads dropped DLL 1 IoCs

pid	Process
3092	51ccdc20e450c623de8c76ed494336b4.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 456 wrote to memory of 3092	456	51ccdc20e450c623de8c76ed494336b4.exe	16
PID 456 wrote to memory of 3092	456	51ccdc20e450c623de8c76ed494336b4.exe	16
PID 456 wrote to memory of 3092	456	51ccdc20e450c623de8c76ed494336b4.exe	16

C:\Users\Admin\AppData\Local\Temp\51ccdc20e450c623de8c76ed494336b4.exe
"C:\Users\Admin\AppData\Local\Temp\51ccdc20e450c623de8c76ed494336b4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:456
- C:\Users\Admin\AppData\Local\Temp\is-23FN3.tmp\51ccdc20e450c623de8c76ed494336b4.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-23FN3.tmp\51ccdc20e450c623de8c76ed494336b4.tmp" /SL5="$100220,1555768,53248,C:\Users\Admin\AppData\Local\Temp\51ccdc20e450c623de8c76ed494336b4.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-23FN3.tmp\51ccdc20e450c623de8c76ed494336b4.tmp

Filesize
21KB

MD5
2ace201c20b4834d93915c39787c58c2

SHA1
f7b90ee3b41746c819552902e217d2f41bedfe03

SHA256
133e619d77aff4058b69a9bb007cf3af538cda3818f13db14c61b34877c7e2f6

SHA512
eb6be2f2795df055a5e949ca4c8d20ac099d1c51ba98d66a3800b5fd8187397d82ebe7c23cb2a7f5787035957b7179d5b1ced2880a09917fbf79ebf59cbbac7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-23FN3.tmp\51ccdc20e450c623de8c76ed494336b4.tmp

Filesize
22KB

MD5
30ea5e5c242f5e23d469ee8398895c1d

SHA1
b6b3b0e0b55b93c44409b37ab76e066d2aa7fb95

SHA256
7ae1babab25bad8a4c91d18de1e20c79265f636e9026d07a69ec20e9f8b2ac5c

SHA512
6466a4d7a07c95247d977e81ed1eb07973cfd0955908f92d137f08510292881b38df74f2d2bec02cf16d42fe42583b4d9bef588fd43e855b99a0264afac005ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VK3UG.tmp\Games.inf

Filesize
161B

MD5
61593d97dee8ca54fb07716b7e96cd7e

SHA1
ddd95395ca661002a5126b4fd309f0a4544939d2

SHA256
b0ab99788e42f815657de13b62c7e23e7ef49b6b7ef564014ba8af513d402165

SHA512
b01aca457a31f7137a09ba2bc08b56c936e6ffe9cb8c4f448f050293958e887717364eef10ceeb5cd72039559b02feb7ce1d62bd94f3386cb546af3d6bb023f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VK3UG.tmp\isxdl.dll

Filesize
33KB

MD5
9d9677ebd51475ed6ec2b043128424ae

SHA1
4f5741a1d8bdf8ca0e156361be3f6552c9afafaf

SHA256
8f6194eb34ec7f4487d5c5ed5d2ca5c4b39739db105bc89e21c22a65659831d2

SHA512
43fa9e1808961e237617b5d43239547c2bc3af03204848963e94b99bc2e891b230a97580957d06527c9b5dc124b9f3bd18744e6705cb2d74992b912f5287a714

Download Submit
memory/456-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/456-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/456-30-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3092-7-0x0000000002200000-0x0000000002201000-memory.dmp

Filesize
4KB

Download
memory/3092-31-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3092-34-0x0000000002200000-0x0000000002201000-memory.dmp

Filesize
4KB

Download