093f196a31e586d027cc1fd720f03d9dfa0dd0cda4ad27a3cc310d57cdbbfdd2

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2024 18:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

parentalcontrolsetup.exe
Size

1.9MB
MD5

7a62bce2d731b737ad61473d6f0815f8
SHA1

e315a87a4e8145bd919eed8d633bdc8f8a1d5010
SHA256

a4e0bc3a14238d5fd855a652492d3282edbe67241b9649ef1a649fea66694e75
SHA512

6ac22bf005991d7cb307b4c021a27d7d4e5e4b293e2ad83701c8ed3007157cc959555980fbb529ef2274d0c41650672c63f48edc0de7d0c47c48e43b3e4dbcb0
SSDEEP

49152:76dFTbyCiKE/RPcWSwW5fkA5sYcOWLI9KVjMoC2UalwVbv4e:edFT2CcpPcWSwW5fZsYcOS5ZC2DKVb1

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2412	is-05R8E.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1548 wrote to memory of 2412	1548	parentalcontrolsetup.exe	76
PID 1548 wrote to memory of 2412	1548	parentalcontrolsetup.exe	76
PID 1548 wrote to memory of 2412	1548	parentalcontrolsetup.exe	76

C:\Users\Admin\AppData\Local\Temp\parentalcontrolsetup.exe
"C:\Users\Admin\AppData\Local\Temp\parentalcontrolsetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1548
- C:\Users\Admin\AppData\Local\Temp\is-8265B.tmp\is-05R8E.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-8265B.tmp\is-05R8E.tmp" /SL4 $501C6 "C:\Users\Admin\AppData\Local\Temp\parentalcontrolsetup.exe" 1719399 52224
  2⤵
  - Executes dropped EXE
  PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1548-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/1548-2-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/1548-13-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2412-7-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/2412-14-0x0000000000400000-0x00000000004B0000-memory.dmp

Filesize
704KB

Download
memory/2412-17-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download