Resubmissions

13-01-2024 14:30

240113-rvaj8aahcn 3

13-01-2024 14:29

240113-rtp9aaahcm 3

13-01-2024 14:27

240113-rskx6sbgb5 8

Analysis

  • max time kernel
    1717s
  • max time network
    1173s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-es
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted
    13-01-2024 14:30

General

  • Target

    LimoreSupra.exe

  • Size

    295KB

  • MD5

    b20ec243a031d92f2614fba247b87dea

  • SHA1

    7a7c86d82977cc2f8833a2bfe23d69e27a9262b3

  • SHA256

    ba6f1358d08da922800e402e8e2d98797ba965c76e6a5bdc0d8e89b6ba8d655a

  • SHA512

    302fe1c554c57561a2ae94d393379106c91df80125a380cf0127a36663d9e4ce6a10ffb21a144e6089b89b64e3f3c844e043a770f02d8eca0e5e14a3e748a6ca

  • SSDEEP

    3072:o7DhdC6kzWypvaQ0FxyNTBf5vnH+zs8i89G3tHIEYO+844:oBlkZvaF4NTBxfezsz6gIEYOLj

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LimoreSupra.exe
    "C:\Users\Admin\AppData\Local\Temp\LimoreSupra.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2840
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\6C66.tmp\6C67.tmp\6C68.bat C:\Users\Admin\AppData\Local\Temp\LimoreSupra.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4360
      • C:\Windows\system32\chcp.com
        chcp 65001
        3⤵
          PID:3436
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c echo prompt $E | cmd
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3452
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /S /D /c" echo prompt $E "
            4⤵
              PID:4868
            • C:\Windows\system32\cmd.exe
              cmd
              4⤵
                PID:4256
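
As an added example (not part of the sandbox report and not the sandbox's own detection logic), the Python below replays the process tree above as Sysmon-style process-creation records and flags the launcher pattern it shows: a non-cmd executable in the user's temp directory runs cmd /c on a batch file dropped under a doubly nested *.tmp directory, and that batch then calls chcp 65001 and the "echo prompt $E | cmd" idiom (a nested cmd prints its prompt with $E expanded to the raw ESC byte, which a script captures to emit ANSI escape sequences). It also records the sysnative spelling in PID 4360's command line: only a 32-bit (WOW64) process sees C:\Windows\sysnative, which resolves to the 64-bit System32, matching both the arch:x86 tag and the child's recorded image path. The field names, the regex and the benign control events are this example's own assumptions. Note that the report's only signature, WriteProcessMemory, is attached to exactly the three processes that spawn children (2840, 4360, 3452), which is consistent with process creation rather than writes into an unrelated process.

```python
import re
from collections import defaultdict

# Process-creation records reconstructed from this report's process tree
# (PIDs, images and command lines as listed). Sysmon-style field names are an
# assumption of this example, not the sandbox's native schema.
REPORT_EVENTS = [
    {"pid": 2840, "ppid": 0,
     "image": r"C:\Users\Admin\AppData\Local\Temp\LimoreSupra.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\LimoreSupra.exe"'},
    {"pid": 4360, "ppid": 2840,
     "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\6C66.tmp\6C67.tmp\6C68.bat C:\Users\Admin\AppData\Local\Temp\LimoreSupra.exe"'},
    {"pid": 3436, "ppid": 4360,
     "image": r"C:\Windows\system32\chcp.com", "cmdline": "chcp 65001"},
    {"pid": 3452, "ppid": 4360,
     "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r"C:\Windows\system32\cmd.exe /c echo prompt $E | cmd"},
    {"pid": 4868, "ppid": 3452,
     "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'C:\Windows\system32\cmd.exe /S /D /c" echo prompt $E "'},
    {"pid": 4256, "ppid": 3452,
     "image": r"C:\Windows\system32\cmd.exe", "cmdline": "cmd"},
]

# Constructed benign control (not from the report): a user double-clicks a
# batch file on the Desktop, so explorer.exe launches cmd.exe and the script
# does not live under a nested %TEMP%\*.tmp\*.tmp directory.
BENIGN_EVENTS = [
    {"pid": 100, "ppid": 0, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 101, "ppid": 100, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\backup.bat" "'},
    {"pid": 102, "ppid": 101, "image": r"C:\Windows\system32\chcp.com", "cmdline": "chcp 65001"},
]

# A .bat inside two nested *.tmp directories under the user's local temp
# folder, the shape of the path in PID 4360's command line.
NESTED_TEMP_BAT = re.compile(
    r'([A-Za-z]:\\(?:[^\\"\s]+\\)*?AppData\\Local\\Temp\\'
    r'[^\\"\s]+\.tmp\\[^\\"\s]+\.tmp\\[^\\"\s]+\.bat)',
    re.IGNORECASE,
)


def basename(path):
    """Lower-cased final path component, tolerant of either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def uses_sysnative(cmdline):
    r"""True when cmd was addressed via the WOW64-only C:\Windows\sysnative alias."""
    return "\\sysnative\\" in cmdline.lower()


def analyze(events):
    """Return one finding per cmd.exe that runs a nested-temp batch for a non-cmd parent.

    Each finding records the launcher, whether sysnative was used, and whether
    the batch's children show 'chcp 65001' and the 'echo prompt $E | cmd' idiom.
    """
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)

    findings = []
    for e in events:
        if basename(e["image"]) != "cmd.exe":
            continue
        match = NESTED_TEMP_BAT.search(e["cmdline"])
        if not match:
            continue
        parent = by_pid.get(e["ppid"])
        # The launcher must be the executable that unpacked the script,
        # not a shell the user typed into.
        if parent is None or basename(parent["image"]) == "cmd.exe":
            continue
        finding = {
            "launcher_pid": parent["pid"], "launcher": parent["image"],
            "cmd_pid": e["pid"], "batch": match.group(1),
            "wow64_sysnative": uses_sysnative(e["cmdline"]),
            "chcp_utf8": False, "esc_probe": False,
        }
        for child in children[e["pid"]]:
            cl = child["cmdline"].lower()
            if basename(child["image"]) == "chcp.com" and cl.split()[-1:] == ["65001"]:
                finding["chcp_utf8"] = True
            if "echo" in cl and "prompt $e" in cl:
                finding["esc_probe"] = True
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in analyze(REPORT_EVENTS):
        print(f"launcher {f['launcher']} (PID {f['launcher_pid']}) ran {f['batch']}")
        print(f"  sysnative: {f['wow64_sysnative']}  chcp 65001: {f['chcp_utf8']}  "
              f"ESC probe: {f['esc_probe']}")
    print("benign control:", analyze(BENIGN_EVENTS))
```

The parent check is what keeps the rule quiet on ordinary batch usage: a shell a user opened and a .bat on the Desktop produce no finding, while the report's tree yields exactly one, with all three indicators set.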

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6C66.tmp\6C67.tmp\6C68.bat

    Filesize

    1KB

    MD5

    2be6e948b124fbced8c634b0a7ebd777

    SHA1

    552ee3a528d1fedf767089d2e0e2fab3275c4619

    SHA256

    fabdeb86a73eaaf1ea9416453bf324fe4053b02b378ae180b37668974eb61b51

    SHA512

    7ead4c5f5d5f1e755f5051fbeeb483a4c1bd4f0706f48df11c1c2b19aaa33e5e34aa9151e19f7d96aeee40fae4a9dac6c3192152efbcb6a7afd443e328759a88