eb1125a564772e5d4442fa8d83d344dc46ef5bfa8fe7f641adf4f5aec285a049

Analysis

max time kernel
139s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 18:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

752dfafe0c224a2634c4f81eea4341a5.exe
Size

526KB
MD5

752dfafe0c224a2634c4f81eea4341a5
SHA1

bd1764bd0ec41701548090891c0d891ebfac138e
SHA256

eb1125a564772e5d4442fa8d83d344dc46ef5bfa8fe7f641adf4f5aec285a049
SHA512

94cdc521a4e0283ddf27e280e0780059f5fcc6adb643da61d6173dfa0ce158095456fd865868b3be147d4855056710d54c479d8eb5faa6bd3eaeb0def84031d6
SSDEEP

12288:oHwhDZMuXqgo6fEeFmAzvPFU0wgnY4kAF9Pe4d:og9Dn8bgtTk4zFte4d

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 52 IoCs

pid	Process
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe
2888	752dfafe0c224a2634c4f81eea4341a5.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2888 set thread context of 4724	2888	752dfafe0c224a2634c4f81eea4341a5.exe	87

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 4724	2888	752dfafe0c224a2634c4f81eea4341a5.exe	87
PID 2888 wrote to memory of 4724	2888	752dfafe0c224a2634c4f81eea4341a5.exe	87
PID 2888 wrote to memory of 4724	2888	752dfafe0c224a2634c4f81eea4341a5.exe	87
PID 2888 wrote to memory of 4724	2888	752dfafe0c224a2634c4f81eea4341a5.exe	87
PID 2888 wrote to memory of 4724	2888	752dfafe0c224a2634c4f81eea4341a5.exe	87

C:\Users\Admin\AppData\Local\Temp\752dfafe0c224a2634c4f81eea4341a5.exe
"C:\Users\Admin\AppData\Local\Temp\752dfafe0c224a2634c4f81eea4341a5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Users\Admin\AppData\Local\Temp\752dfafe0c224a2634c4f81eea4341a5.exe
  C:\Users\Admin\AppData\Local\Temp\752dfafe0c224a2634c4f81eea4341a5.exe
  2⤵
  PID:4724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\lz.dll

Filesize
76KB

MD5
91c0047d4d099d7c02049d92be5c2947

SHA1
dedb1ab7e3d765811b79154e4e9ad1370de60675

SHA256
0bf85a42e4d249152efa5da883ea0245b9b699c142a8bd19d31584c35591b080

SHA512
4041e240fcc3998c9fe3ecfbe198f8f5642561c9875304c273eca08b308c9239b5119e35e314825d8d6b593d2415e7c4ca7fc00fcb7220b22dab0a1191dcf16a

Download Submit
memory/2888-128-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2888-212-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2888-14-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2888-31-0x0000000000710000-0x000000000071F000-memory.dmp

Filesize
60KB

Download
memory/2888-32-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2888-44-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2888-50-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2888-64-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2888-83-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2888-92-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2888-91-0x0000000000750000-0x000000000075F000-memory.dmp

Filesize
60KB

Download
memory/2888-104-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2888-112-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2888-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2888-20-0x0000000000700000-0x000000000070F000-memory.dmp

Filesize
60KB

Download
memory/2888-138-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2888-217-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2888-179-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2888-200-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2888-189-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2888-155-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2888-160-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/4724-214-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4724-215-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4724-216-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4724-213-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4724-218-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/4724-219-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4724-220-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4724-221-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads