Analysis
-
max time kernel
122s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
10/01/2024, 19:22
Static task
static1
Behavioral task
behavioral1
Sample
51660048d36ba4c7f0f4c1fb2e738461.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
51660048d36ba4c7f0f4c1fb2e738461.exe
Resource
win10v2004-20231215-en
General
-
Target
51660048d36ba4c7f0f4c1fb2e738461.exe
-
Size
837KB
-
MD5
51660048d36ba4c7f0f4c1fb2e738461
-
SHA1
dbc2131302f5794aa5223571e30dada5a6718b3d
-
SHA256
12f7ffc817f235b4f659100182278496343cd79e53181d0f7e081f3c55896515
-
SHA512
a30a5c8406aa52d46b9275d14a1b4fa817dcdaf1c286c1a2936d942d8715d7a958ed759861753f1adfcc343e9932cbd188da51721539ed289b500a3f2e99f575
-
SSDEEP
24576:OFdd0TTbZ3tI+rXkPE+PZ1itepHnf/GPQq/ozAVABp1:OvdGa+jMPZo49uP9g+AB
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process
3020 51660048d36ba4c7f0f4c1fb2e738461.tmp
-
Loads dropped DLL 1 IoCs
pid Process
2960 51660048d36ba4c7f0f4c1fb2e738461.exe
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target
PID 2960 wrote to memory of 3020 2960 51660048d36ba4c7f0f4c1fb2e738461.exe 28
PID 2960 wrote to memory of 3020 2960 51660048d36ba4c7f0f4c1fb2e738461.exe 28
PID 2960 wrote to memory of 3020 2960 51660048d36ba4c7f0f4c1fb2e738461.exe 28
PID 2960 wrote to memory of 3020 2960 51660048d36ba4c7f0f4c1fb2e738461.exe 28
PID 2960 wrote to memory of 3020 2960 51660048d36ba4c7f0f4c1fb2e738461.exe 28
PID 2960 wrote to memory of 3020 2960 51660048d36ba4c7f0f4c1fb2e738461.exe 28
PID 2960 wrote to memory of 3020 2960 51660048d36ba4c7f0f4c1fb2e738461.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\51660048d36ba4c7f0f4c1fb2e738461.exe
"C:\Users\Admin\AppData\Local\Temp\51660048d36ba4c7f0f4c1fb2e738461.exe" 1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2960 -
C:\Users\Admin\AppData\Local\Temp\is-5PTSF.tmp\51660048d36ba4c7f0f4c1fb2e738461.tmp
"C:\Users\Admin\AppData\Local\Temp\is-5PTSF.tmp\51660048d36ba4c7f0f4c1fb2e738461.tmp" /SL5="$17014E,814666,148992,C:\Users\Admin\AppData\Local\Temp\51660048d36ba4c7f0f4c1fb2e738461.exe" 2⤵
- Executes dropped EXE
PID:3020
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
61KB
MD5 5e0b2c13aa1c4934c8d2b5905dacac29
SHA1 2dfe171365d9d5015dc7298c1ba9da7d6ac1b60e
SHA256 e7af1542c4354e20641ed1978a36cf84b5f6cbe117f8e705a27d254d52e5ab82
SHA512 ad3bc71aa6ddea00de502604a641b730ecbcdb782a6a4b1a490ce70b5bf18fc5af802e7ab91a3cd7a95cf5b65c68ba9e86cf7e014eb41c37dd036f234a03645a