Resubmissions
13-01-2024 14:30  240113-rvaj8aahcn  3
13-01-2024 14:29  240113-rtp9aaahcm  3
13-01-2024 14:27  240113-rskx6sbgb5  8
Analysis
max time kernel: 1717s
max time network: 1173s
platform: windows10-2004_x64
resource: win10v2004-20231215-es
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-es, locale:es-es, os:windows10-2004-x64, system, windows
submitted: 13-01-2024 14:30
Static task: static1
Behavioral task: behavioral1
Sample: LimoreSupra.exe
Resource: win10v2004-20231215-es
General
Target: LimoreSupra.exe
Size: 295KB
MD5: b20ec243a031d92f2614fba247b87dea
SHA1: 7a7c86d82977cc2f8833a2bfe23d69e27a9262b3
SHA256: ba6f1358d08da922800e402e8e2d98797ba965c76e6a5bdc0d8e89b6ba8d655a
SHA512: 302fe1c554c57561a2ae94d393379106c91df80125a380cf0127a36663d9e4ce6a10ffb21a144e6089b89b64e3f3c844e043a770f02d8eca0e5e14a3e748a6ca
SSDEEP: 3072:o7DhdC6kzWypvaQ0FxyNTBf5vnH+zs8i89G3tHIEYO+844:oBlkZvaF4NTBxfezsz6gIEYOLj
Malware Config
Signatures
Suspicious use of WriteProcessMemory (10 IoCs)

description                        pid   Process          procid_target
PID 2840 wrote to memory of 4360   2840  LimoreSupra.exe  89
PID 2840 wrote to memory of 4360   2840  LimoreSupra.exe  89
PID 4360 wrote to memory of 3436   4360  cmd.exe          91
PID 4360 wrote to memory of 3436   4360  cmd.exe          91
PID 4360 wrote to memory of 3452   4360  cmd.exe          92
PID 4360 wrote to memory of 3452   4360  cmd.exe          92
PID 3452 wrote to memory of 4868   3452  cmd.exe          93
PID 3452 wrote to memory of 4868   3452  cmd.exe          93
PID 3452 wrote to memory of 4256   3452  cmd.exe          94
PID 3452 wrote to memory of 4256   3452  cmd.exe          94
Processes
- PID 2840: C:\Users\Admin\AppData\Local\Temp\LimoreSupra.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\LimoreSupra.exe"
  Suspicious use of WriteProcessMemory
  - PID 4360: C:\Windows\system32\cmd.exe
    Command line: "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\6C66.tmp\6C67.tmp\6C68.bat C:\Users\Admin\AppData\Local\Temp\LimoreSupra.exe"
    Suspicious use of WriteProcessMemory
    - PID 3436: C:\Windows\system32\chcp.com
      Command line: chcp 65001
    - PID 3452: C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c echo prompt $E | cmd
      Suspicious use of WriteProcessMemory
      - PID 4868: C:\Windows\system32\cmd.exe
        Command line: C:\Windows\system32\cmd.exe /S /D /c" echo prompt $E "
      - PID 4256: C:\Windows\system32\cmd.exe
        Command line: cmd
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1KB
MD5: 2be6e948b124fbced8c634b0a7ebd777
SHA1: 552ee3a528d1fedf767089d2e0e2fab3275c4619
SHA256: fabdeb86a73eaaf1ea9416453bf324fe4053b02b378ae180b37668974eb61b51
SHA512: 7ead4c5f5d5f1e755f5051fbeeb483a4c1bd4f0706f48df11c1c2b19aaa33e5e34aa9151e19f7d96aeee40fae4a9dac6c3192152efbcb6a7afd443e328759a88