bea809c754806cfcc976a8486b48def350ba5a697f1b843e324c3be0f22a6430

Analysis

max time kernel
149s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66901283c5f9a88a67c679aae0424561.exe
Size

176KB
MD5

66901283c5f9a88a67c679aae0424561
SHA1

ab8fe7aa363e5e1ec977b3869770935bb7c30f28
SHA256

bea809c754806cfcc976a8486b48def350ba5a697f1b843e324c3be0f22a6430
SHA512

cffb7016d0ce446efb8c48b99225951f4956bcb662b25aeed7ede59ce175a844b958fbc70a1104e058f9b59f38c5e40bcea096b3ca0977424f502ec83ddf361b
SSDEEP

3072:f+pN0MPHojolcI/AzUjD57MMXRn3ES4niWlCxstMWestZ2GC2VYUffxTDs5B:m5HokKzUjFMMh3ESpcCj1zs3ffYB

Score

1^/10

Malware Config

Signatures

Suspicious behavior: RenamesItself 21 IoCs

pid	Process
540	66901283c5f9a88a67c679aae0424561.exe
2744	xbjecjdkiodn.exe
2276	cpqvvkrwmkv.exe
3660	kopwcuwgcf.exe
4260	smxeurjjm.exe
1940	bzagau.exe
3356	iqolymjhsyf.exe
3872	hwcbn.exe
3824	jeqtbzlywz.exe
3864	fiwrflrg.exe
4468	poyyojqfvsauk.exe
3952	opyiwzluxz.exe
2880	isaphatqkoiym.exe
2296	mtztuwgyke.exe
3628	nflmvmjfh.exe
1352	bekdpawvhwwz.exe
4312	oqjegphtw.exe
5044	jrrido.exe
3768	vzgowjwuwkv.exe
1368	hyloqqwm.exe
4744	ufeeimuz.exe

Suspicious use of WriteProcessMemory 63 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 2744	540	66901283c5f9a88a67c679aae0424561.exe	101
PID 540 wrote to memory of 2744	540	66901283c5f9a88a67c679aae0424561.exe	101
PID 540 wrote to memory of 2744	540	66901283c5f9a88a67c679aae0424561.exe	101
PID 2744 wrote to memory of 2276	2744	xbjecjdkiodn.exe	104
PID 2744 wrote to memory of 2276	2744	xbjecjdkiodn.exe	104
PID 2744 wrote to memory of 2276	2744	xbjecjdkiodn.exe	104
PID 2276 wrote to memory of 3660	2276	cpqvvkrwmkv.exe	105
PID 2276 wrote to memory of 3660	2276	cpqvvkrwmkv.exe	105
PID 2276 wrote to memory of 3660	2276	cpqvvkrwmkv.exe	105
PID 3660 wrote to memory of 4260	3660	kopwcuwgcf.exe	106
PID 3660 wrote to memory of 4260	3660	kopwcuwgcf.exe	106
PID 3660 wrote to memory of 4260	3660	kopwcuwgcf.exe	106
PID 4260 wrote to memory of 1940	4260	smxeurjjm.exe	111
PID 4260 wrote to memory of 1940	4260	smxeurjjm.exe	111
PID 4260 wrote to memory of 1940	4260	smxeurjjm.exe	111
PID 1940 wrote to memory of 3356	1940	bzagau.exe	112
PID 1940 wrote to memory of 3356	1940	bzagau.exe	112
PID 1940 wrote to memory of 3356	1940	bzagau.exe	112
PID 3356 wrote to memory of 3872	3356	iqolymjhsyf.exe	113
PID 3356 wrote to memory of 3872	3356	iqolymjhsyf.exe	113
PID 3356 wrote to memory of 3872	3356	iqolymjhsyf.exe	113
PID 3872 wrote to memory of 3824	3872	hwcbn.exe	114
PID 3872 wrote to memory of 3824	3872	hwcbn.exe	114
PID 3872 wrote to memory of 3824	3872	hwcbn.exe	114
PID 3824 wrote to memory of 3864	3824	jeqtbzlywz.exe	116
PID 3824 wrote to memory of 3864	3824	jeqtbzlywz.exe	116
PID 3824 wrote to memory of 3864	3824	jeqtbzlywz.exe	116
PID 3864 wrote to memory of 4468	3864	fiwrflrg.exe	117
PID 3864 wrote to memory of 4468	3864	fiwrflrg.exe	117
PID 3864 wrote to memory of 4468	3864	fiwrflrg.exe	117
PID 4468 wrote to memory of 3952	4468	poyyojqfvsauk.exe	118
PID 4468 wrote to memory of 3952	4468	poyyojqfvsauk.exe	118
PID 4468 wrote to memory of 3952	4468	poyyojqfvsauk.exe	118
PID 3952 wrote to memory of 2880	3952	opyiwzluxz.exe	119
PID 3952 wrote to memory of 2880	3952	opyiwzluxz.exe	119
PID 3952 wrote to memory of 2880	3952	opyiwzluxz.exe	119
PID 2880 wrote to memory of 2296	2880	isaphatqkoiym.exe	120
PID 2880 wrote to memory of 2296	2880	isaphatqkoiym.exe	120
PID 2880 wrote to memory of 2296	2880	isaphatqkoiym.exe	120
PID 2296 wrote to memory of 3628	2296	mtztuwgyke.exe	125
PID 2296 wrote to memory of 3628	2296	mtztuwgyke.exe	125
PID 2296 wrote to memory of 3628	2296	mtztuwgyke.exe	125
PID 3628 wrote to memory of 1352	3628	nflmvmjfh.exe	131
PID 3628 wrote to memory of 1352	3628	nflmvmjfh.exe	131
PID 3628 wrote to memory of 1352	3628	nflmvmjfh.exe	131
PID 1352 wrote to memory of 4312	1352	bekdpawvhwwz.exe	132
PID 1352 wrote to memory of 4312	1352	bekdpawvhwwz.exe	132
PID 1352 wrote to memory of 4312	1352	bekdpawvhwwz.exe	132
PID 4312 wrote to memory of 5044	4312	oqjegphtw.exe	133
PID 4312 wrote to memory of 5044	4312	oqjegphtw.exe	133
PID 4312 wrote to memory of 5044	4312	oqjegphtw.exe	133
PID 5044 wrote to memory of 3768	5044	jrrido.exe	134
PID 5044 wrote to memory of 3768	5044	jrrido.exe	134
PID 5044 wrote to memory of 3768	5044	jrrido.exe	134
PID 3768 wrote to memory of 1368	3768	vzgowjwuwkv.exe	137
PID 3768 wrote to memory of 1368	3768	vzgowjwuwkv.exe	137
PID 3768 wrote to memory of 1368	3768	vzgowjwuwkv.exe	137
PID 1368 wrote to memory of 4744	1368	hyloqqwm.exe	138
PID 1368 wrote to memory of 4744	1368	hyloqqwm.exe	138
PID 1368 wrote to memory of 4744	1368	hyloqqwm.exe	138
PID 4744 wrote to memory of 2972	4744	ufeeimuz.exe	139
PID 4744 wrote to memory of 2972	4744	ufeeimuz.exe	139
PID 4744 wrote to memory of 2972	4744	ufeeimuz.exe	139

C:\Users\Admin\AppData\Local\Temp\66901283c5f9a88a67c679aae0424561.exe
"C:\Users\Admin\AppData\Local\Temp\66901283c5f9a88a67c679aae0424561.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:540
- C:\Windows\SysWOW64\xbjecjdkiodn.exe
  C:\Windows\system32\xbjecjdkiodn.exe
  2⤵
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Windows\SysWOW64\cpqvvkrwmkv.exe
    C:\Windows\system32\cpqvvkrwmkv.exe
    3⤵
    - Suspicious behavior: RenamesItself
    - Suspicious use of WriteProcessMemory
    PID:2276
  - - C:\Windows\SysWOW64\kopwcuwgcf.exe
      C:\Windows\system32\kopwcuwgcf.exe
      4⤵
      Suspicious behavior: RenamesItself
      Suspicious use of WriteProcessMemory
      PID:3660
    - - C:\Windows\SysWOW64\smxeurjjm.exe
        
        C:\Windows\system32\smxeurjjm.exe
        5⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:4260
      - C:\Windows\SysWOW64\bzagau.exe
        
        C:\Windows\system32\bzagau.exe
        6⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:1940
        
        C:\Windows\SysWOW64\iqolymjhsyf.exe
        
        C:\Windows\system32\iqolymjhsyf.exe
        7⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:3356
        
        C:\Windows\SysWOW64\hwcbn.exe
        
        C:\Windows\system32\hwcbn.exe
        8⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:3872
        
        C:\Windows\SysWOW64\jeqtbzlywz.exe
        
        C:\Windows\system32\jeqtbzlywz.exe
        9⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:3824
        
        C:\Windows\SysWOW64\fiwrflrg.exe
        
        C:\Windows\system32\fiwrflrg.exe
        10⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:3864
        
        C:\Windows\SysWOW64\poyyojqfvsauk.exe
        
        C:\Windows\system32\poyyojqfvsauk.exe
        11⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:4468
        
        C:\Windows\SysWOW64\opyiwzluxz.exe
        
        C:\Windows\system32\opyiwzluxz.exe
        12⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:3952
        
        C:\Windows\SysWOW64\isaphatqkoiym.exe
        
        C:\Windows\system32\isaphatqkoiym.exe
        13⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:2880
        
        C:\Windows\SysWOW64\mtztuwgyke.exe
        
        C:\Windows\system32\mtztuwgyke.exe
        14⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:2296
        
        C:\Windows\SysWOW64\nflmvmjfh.exe
        
        C:\Windows\system32\nflmvmjfh.exe
        15⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:3628
        
        C:\Windows\SysWOW64\bekdpawvhwwz.exe
        
        C:\Windows\system32\bekdpawvhwwz.exe
        16⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:1352
        
        C:\Windows\SysWOW64\oqjegphtw.exe
        
        C:\Windows\system32\oqjegphtw.exe
        17⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:4312
        
        C:\Windows\SysWOW64\jrrido.exe
        
        C:\Windows\system32\jrrido.exe
        18⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:5044
        
        C:\Windows\SysWOW64\vzgowjwuwkv.exe
        
        C:\Windows\system32\vzgowjwuwkv.exe
        19⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:3768
        
        C:\Windows\SysWOW64\hyloqqwm.exe
        
        C:\Windows\system32\hyloqqwm.exe
        20⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:1368
        
        C:\Windows\SysWOW64\ufeeimuz.exe
        
        C:\Windows\system32\ufeeimuz.exe
        21⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:4744
        
        C:\Windows\SysWOW64\bsiau.exe
        
        C:\Windows\system32\bsiau.exe
        22⤵
        
        PID:2972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/540-20-0x0000000000690000-0x00000000006AE000-memory.dmp

Filesize
120KB

Download
memory/540-2-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download
memory/540-5-0x00000000039C0000-0x00000000039C1000-memory.dmp

Filesize
4KB

Download
memory/540-6-0x0000000000740000-0x0000000000741000-memory.dmp

Filesize
4KB

Download
memory/540-4-0x0000000003A80000-0x0000000003A81000-memory.dmp

Filesize
4KB

Download
memory/540-8-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/540-7-0x0000000003A60000-0x0000000003A61000-memory.dmp

Filesize
4KB

Download
memory/540-3-0x0000000003980000-0x0000000003981000-memory.dmp

Filesize
4KB

Download
memory/540-19-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/540-1-0x0000000000690000-0x00000000006AE000-memory.dmp

Filesize
120KB

Download
memory/540-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1940-55-0x0000000003920000-0x0000000003921000-memory.dmp

Filesize
4KB

Download
memory/1940-51-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1940-58-0x00000000039B0000-0x00000000039B1000-memory.dmp

Filesize
4KB

Download
memory/1940-59-0x0000000003930000-0x0000000003931000-memory.dmp

Filesize
4KB

Download
memory/1940-60-0x0000000003A50000-0x0000000003A51000-memory.dmp

Filesize
4KB

Download
memory/1940-56-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/1940-61-0x00000000038B0000-0x00000000038B1000-memory.dmp

Filesize
4KB

Download
memory/1940-57-0x0000000003A70000-0x0000000003A71000-memory.dmp

Filesize
4KB

Download
memory/1940-54-0x00000000005B0000-0x00000000005CE000-memory.dmp

Filesize
120KB

Download
memory/2276-24-0x0000000003A70000-0x0000000003A71000-memory.dmp

Filesize
4KB

Download
memory/2276-23-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/2276-26-0x0000000003930000-0x0000000003931000-memory.dmp

Filesize
4KB

Download
memory/2276-25-0x00000000039B0000-0x00000000039B1000-memory.dmp

Filesize
4KB

Download
memory/2276-28-0x00000000038B0000-0x00000000038B1000-memory.dmp

Filesize
4KB

Download
memory/2276-27-0x0000000003A50000-0x0000000003A51000-memory.dmp

Filesize
4KB

Download
memory/2276-42-0x0000000003880000-0x000000000389E000-memory.dmp

Filesize
120KB

Download
memory/2276-41-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2276-18-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2276-21-0x0000000003880000-0x000000000389E000-memory.dmp

Filesize
120KB

Download
memory/2276-22-0x0000000003920000-0x0000000003921000-memory.dmp

Filesize
4KB

Download
memory/2744-30-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2744-17-0x00000000038B0000-0x00000000038B1000-memory.dmp

Filesize
4KB

Download
memory/2744-16-0x0000000003A50000-0x0000000003A51000-memory.dmp

Filesize
4KB

Download
memory/2744-15-0x0000000003930000-0x0000000003931000-memory.dmp

Filesize
4KB

Download
memory/2744-14-0x00000000039B0000-0x00000000039B1000-memory.dmp

Filesize
4KB

Download
memory/2744-10-0x0000000003880000-0x000000000389E000-memory.dmp

Filesize
120KB

Download
memory/2744-9-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2744-31-0x0000000003880000-0x000000000389E000-memory.dmp

Filesize
120KB

Download
memory/2744-11-0x0000000003920000-0x0000000003921000-memory.dmp

Filesize
4KB

Download
memory/2744-12-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/2744-13-0x0000000003A70000-0x0000000003A71000-memory.dmp

Filesize
4KB

Download
memory/3356-62-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3660-32-0x00000000006A0000-0x00000000006BE000-memory.dmp

Filesize
120KB

Download
memory/3660-39-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/3660-29-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3660-33-0x0000000003920000-0x0000000003921000-memory.dmp

Filesize
4KB

Download
memory/3660-34-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/3660-35-0x0000000003A70000-0x0000000003A71000-memory.dmp

Filesize
4KB

Download
memory/3660-36-0x00000000039B0000-0x00000000039B1000-memory.dmp

Filesize
4KB

Download
memory/3660-37-0x0000000003930000-0x0000000003931000-memory.dmp

Filesize
4KB

Download
memory/3660-38-0x0000000003A50000-0x0000000003A51000-memory.dmp

Filesize
4KB

Download
memory/3660-53-0x00000000006A0000-0x00000000006BE000-memory.dmp

Filesize
120KB

Download
memory/3660-52-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/4260-49-0x0000000003A50000-0x0000000003A51000-memory.dmp

Filesize
4KB

Download
memory/4260-40-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/4260-50-0x00000000038B0000-0x00000000038B1000-memory.dmp

Filesize
4KB

Download
memory/4260-43-0x0000000003880000-0x000000000389E000-memory.dmp

Filesize
120KB

Download
memory/4260-44-0x0000000003920000-0x0000000003921000-memory.dmp

Filesize
4KB

Download
memory/4260-47-0x00000000039B0000-0x00000000039B1000-memory.dmp

Filesize
4KB

Download
memory/4260-48-0x0000000003930000-0x0000000003931000-memory.dmp

Filesize
4KB

Download
memory/4260-45-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4260-46-0x0000000003A70000-0x0000000003A71000-memory.dmp

Filesize
4KB

Download
memory/4260-63-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads