477b45d05ba9c8d6a2b34151cc412f3f921ef0318048b82ff0e4b434c0e1d978

Analysis

max time kernel
156s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 02:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

713ca41c9d852277bfb786e0cfab581e.exe
Size

1.7MB
MD5

713ca41c9d852277bfb786e0cfab581e
SHA1

916d575a86c0ddf6054c5403cdec0116d7d11d78
SHA256

477b45d05ba9c8d6a2b34151cc412f3f921ef0318048b82ff0e4b434c0e1d978
SHA512

4591a4b2ee579468c97e10127a49f057e0daf5a0bdc8cda8f0c410bb1d35bf88fa2819487577ebf356014bcfadb884bdbc45bf75e3d2aa30ce33e7e6768cccb5
SSDEEP

49152:5aBuNoEBt4DGOdIgaf3jfojaJ325HK537zhWcTinXBgJ:QBu6EHgDO3jQ7xSIjRgJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4284	713ca41c9d852277bfb786e0cfab581e.tmp

Loads dropped DLL 1 IoCs

pid	Process
4284	713ca41c9d852277bfb786e0cfab581e.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4556 wrote to memory of 4284	4556	713ca41c9d852277bfb786e0cfab581e.exe	88
PID 4556 wrote to memory of 4284	4556	713ca41c9d852277bfb786e0cfab581e.exe	88
PID 4556 wrote to memory of 4284	4556	713ca41c9d852277bfb786e0cfab581e.exe	88

C:\Users\Admin\AppData\Local\Temp\713ca41c9d852277bfb786e0cfab581e.exe
"C:\Users\Admin\AppData\Local\Temp\713ca41c9d852277bfb786e0cfab581e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4556
- C:\Users\Admin\AppData\Local\Temp\is-RON8Q.tmp\713ca41c9d852277bfb786e0cfab581e.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-RON8Q.tmp\713ca41c9d852277bfb786e0cfab581e.tmp" /SL5="$C0040,1461404,54272,C:\Users\Admin\AppData\Local\Temp\713ca41c9d852277bfb786e0cfab581e.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-L6FV8.tmp\Games.inf

Filesize
201B

MD5
003a2ee3f5d581c7a928e9fc1835315e

SHA1
43665a31315e13032a7613b0e5c74f9c56d1a606

SHA256
b12c9c9bbdd7129680c06a8a22561b619ddd3c41144a06ed24cc4eb8d434f43c

SHA512
95598b31347b6e4bf3580fcee978ed5ec9827c0832e37de5963dff66cfd4a98442b0075ebdef27f11152a27b619c57a6360619b6b655d6c56c093451aea30da4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-L6FV8.tmp\isxdl.dll

Filesize
49KB

MD5
02ecc74f7f91e9ffd84de708683236a6

SHA1
3532de0b77df8b0fc89e9c7eddec3fa71f98f5a2

SHA256
30ad8a0e1cee091ca48c771adb2e76baf1a7d54b9f60dc47f54dfdc2d6f6691e

SHA512
a3fdaa651f82428395bc412a2a04fce673768d3ef088b3748addf337d95464eb141ae7c286bff5c705eae05dd7b38207629588ae7e89ada15269463cd7acf541

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RON8Q.tmp\713ca41c9d852277bfb786e0cfab581e.tmp

Filesize
688KB

MD5
c765336f0dcf4efdcc2101eed67cd30c

SHA1
fa0279f59738c5aa3b6b20106e109ccd77f895a7

SHA256
c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

SHA512
06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

Download Submit
memory/4284-6-0x0000000002100000-0x0000000002101000-memory.dmp

Filesize
4KB

Download
memory/4284-34-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/4284-38-0x0000000002100000-0x0000000002101000-memory.dmp

Filesize
4KB

Download
memory/4556-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4556-33-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads