Analysis
-
max time kernel
141s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system -
submitted
23/01/2024, 14:39
Static task
static1
Behavioral task
behavioral1
Sample
639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.exe
Resource
win10v2004-20231222-en
General
-
Target
639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.exe
-
Size
11.9MB
-
MD5
e31cc2191508fe25b1f0b4ad880447da
-
SHA1
4ed873eb8117df1c5be589ee206113357b269bef
-
SHA256
639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316
-
SHA512
83d6957360eae733ced62bc99fe88ce77d44011db154478cb6947e9d7d3e03598162a86ff7a1ca2b21ce2d06b719fbaa24dd42a60c344b2a24f861c65833d87a
-
SSDEEP
196608:KBlctqPNu4y4DzphkPoOoR8p1f+z08FD8uvs/djg7Cl+mRygga0hoJoii+zL0Dki:bQlu4yWcPolRQN+fFYuvs/djg7C81gpE
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 1584 639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.tmp -
Loads dropped DLL 2 IoCs
pid Process 1584 639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.tmp 1584 639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.tmp -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1124 wrote to memory of 1584 1124 639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.exe 86 PID 1124 wrote to memory of 1584 1124 639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.exe 86 PID 1124 wrote to memory of 1584 1124 639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.exe 86
Processes
-
C:\Users\Admin\AppData\Local\Temp\639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.exe"C:\Users\Admin\AppData\Local\Temp\639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1124 -
C:\Users\Admin\AppData\Local\Temp\is-EBFV9.tmp\639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.tmp"C:\Users\Admin\AppData\Local\Temp\is-EBFV9.tmp\639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.tmp" /SL5="$90054,11599674,1028096,C:\Users\Admin\AppData\Local\Temp\639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1584
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
28KB
MD5077cb4461a2767383b317eb0c50f5f13
SHA1584e64f1d162398b7f377ce55a6b5740379c4282
SHA2568287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64
SHA512b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547
-
C:\Users\Admin\AppData\Local\Temp\is-EBFV9.tmp\639be9fbce027224e64fcebc79286c370e6743a3a5a833dca0b17971b727d316.tmp
Filesize3.2MB
MD5a546c618b8e22ae29c35e0c11a1b216f
SHA1324b174fb6d732f2e795dcf52b5a674cb89a417d
SHA2566239332e5ed0538fc1f37439629ad93ffa5908b6b9b522b77d86b9d21d840ddc
SHA512bfb67402c93b715d25a6d7f0d4d1e2638fd8d3c9caa87574b285f624f412f0fdaf80f9f92f5ff63ea61ff3faae2ba08ace677eabb758611c8a3c485fa5e350b4