Analysis
max time kernel: 141s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
submitted: 25-01-2024 17:17
Static task: static1
Behavioral task: behavioral1
Sample: 75123668ca77c5d520cc286093c78803.exe
Resource: win7-20231215-en
General
Target: 75123668ca77c5d520cc286093c78803.exe
Size: 1.8MB
MD5: 75123668ca77c5d520cc286093c78803
SHA1: 942b0499952e1550cfa9ee750294f705719322cd
SHA256: 961df472ac077a155015c34928572d5d374bcefc1ee77de8cd2e6d9aef7baab6
SHA512: 40fb9c9f17512b4d59cea5f4d0d722aa0f2559af3e23cc57ce42048b5b10891bdea0e1b21393c7270271d701feb2b1c7745788f69f1357a79f23791a8f0f0815
SSDEEP: 49152:5aLNFV6oXyNGF5h7xfjXs129LtnZ50O6VAHAinXBgJ:QLNFUoiO9fjXs18L1v0fAbRgJ
Malware Config
Signatures
Executes dropped EXE (1 IoC)
Processes:
  PID 216  75123668ca77c5d520cc286093c78803.tmp
Loads dropped DLL (1 IoC)
Processes:
  PID 216  75123668ca77c5d520cc286093c78803.tmp
Suspicious use of WriteProcessMemory (3 IoCs)
Processes (description, source pid/process, target pid/process):
  PID 2892 (75123668ca77c5d520cc286093c78803.exe) wrote to memory of PID 216 (75123668ca77c5d520cc286093c78803.tmp)
  PID 2892 (75123668ca77c5d520cc286093c78803.exe) wrote to memory of PID 216 (75123668ca77c5d520cc286093c78803.tmp)
  PID 2892 (75123668ca77c5d520cc286093c78803.exe) wrote to memory of PID 216 (75123668ca77c5d520cc286093c78803.tmp)
Processes
C:\Users\Admin\AppData\Local\Temp\75123668ca77c5d520cc286093c78803.exe (level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\75123668ca77c5d520cc286093c78803.exe"
  PID: 2892
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\is-C67L1.tmp\75123668ca77c5d520cc286093c78803.tmp (level 2, child of PID 2892)
    Command line: "C:\Users\Admin\AppData\Local\Temp\is-C67L1.tmp\75123668ca77c5d520cc286093c78803.tmp" /SL5="$601CC,1502834,54272,C:\Users\Admin\AppData\Local\Temp\75123668ca77c5d520cc286093c78803.exe"
    PID: 216
    - Executes dropped EXE
    - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\is-C67L1.tmp\75123668ca77c5d520cc286093c78803.tmp
  Filesize: 688KB
  MD5: c765336f0dcf4efdcc2101eed67cd30c
  SHA1: fa0279f59738c5aa3b6b20106e109ccd77f895a7
  SHA256: c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28
  SHA512: 06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

C:\Users\Admin\AppData\Local\Temp\is-O1801.tmp\Games.inf
  Filesize: 186B
  MD5: d88e7b6d1569f0a3ae8f609ffc8560c9
  SHA1: 43f54a5d27a21212d71a2126d35491b5043118ac
  SHA256: 397ec6006a95b8b4b69c3ba24f7f94fc4bbec19df3ef89757b175d107f3f083a
  SHA512: 55905ac8ff174e98b4b5328e333078f66ebe35e0bda23628eced9396b2b7f781922e5a11e2c16837bcaf1209cb2d8f724f5606d649e9d15cc4b90cc6d7256892

C:\Users\Admin\AppData\Local\Temp\is-O1801.tmp\isxdl.dll
  Filesize: 49KB
  MD5: 02ecc74f7f91e9ffd84de708683236a6
  SHA1: 3532de0b77df8b0fc89e9c7eddec3fa71f98f5a2
  SHA256: 30ad8a0e1cee091ca48c771adb2e76baf1a7d54b9f60dc47f54dfdc2d6f6691e
  SHA512: a3fdaa651f82428395bc412a2a04fce673768d3ef088b3748addf337d95464eb141ae7c286bff5c705eae05dd7b38207629588ae7e89ada15269463cd7acf541

Memory dumps
memory/216-7-0x0000000000760000-0x0000000000761000-memory.dmp
  Filesize: 4KB
memory/216-35-0x0000000000400000-0x00000000004BC000-memory.dmp
  Filesize: 752KB
memory/216-38-0x0000000000760000-0x0000000000761000-memory.dmp
  Filesize: 4KB
memory/2892-0-0x0000000000400000-0x0000000000414000-memory.dmp
  Filesize: 80KB
memory/2892-2-0x0000000000400000-0x0000000000414000-memory.dmp
  Filesize: 80KB
memory/2892-34-0x0000000000400000-0x0000000000414000-memory.dmp
  Filesize: 80KB