97028cb3c231355edac3f2aefd1b0c4445a8a9473f31be9c6bf87fa43ab24fed

Analysis

max time kernel
144s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d81ee748a32048ac5d09680742e8d70.exe
Size

168KB
MD5

8d81ee748a32048ac5d09680742e8d70
SHA1

bfed8def5880c94251fd8cb43e45a5011bc54f4b
SHA256

97028cb3c231355edac3f2aefd1b0c4445a8a9473f31be9c6bf87fa43ab24fed
SHA512

639408bf32fd0e23dfad811543001b014efbf5c269d11d73f07c8a2905507062a77d0ab1a454e6b86ce47b608ab970e206eeb40d4fec7fe5e2fca5f035b78963
SSDEEP

3072:DHrHofPOlj9sYJbLMEviYivZNnxSKjHhHA0A49dXjOaPQPPIihnXLhtO:PH2GN9VJbLpijxzHq0AujOVPhXLhQ

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1144	8d81ee748a32048ac5d09680742e8d70.exe
1144	8d81ee748a32048ac5d09680742e8d70.exe
1144	8d81ee748a32048ac5d09680742e8d70.exe
1144	8d81ee748a32048ac5d09680742e8d70.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1144 wrote to memory of 3384	1144	8d81ee748a32048ac5d09680742e8d70.exe	50
PID 1144 wrote to memory of 3384	1144	8d81ee748a32048ac5d09680742e8d70.exe	50
PID 1144 wrote to memory of 3384	1144	8d81ee748a32048ac5d09680742e8d70.exe	50
PID 1144 wrote to memory of 3384	1144	8d81ee748a32048ac5d09680742e8d70.exe	50

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3384
- C:\Users\Admin\AppData\Local\Temp\8d81ee748a32048ac5d09680742e8d70.exe
  "C:\Users\Admin\AppData\Local\Temp\8d81ee748a32048ac5d09680742e8d70.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1144-10-0x0000000002220000-0x0000000002230000-memory.dmp

Filesize
64KB

Download
memory/1144-11-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1144-4-0x00000000022B0000-0x00000000022C0000-memory.dmp

Filesize
64KB

Download
memory/1144-8-0x0000000077593000-0x0000000077594000-memory.dmp

Filesize
4KB

Download
memory/1144-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1144-5-0x0000000002350000-0x0000000002360000-memory.dmp

Filesize
64KB

Download
memory/1144-7-0x0000000076EA0000-0x0000000076F90000-memory.dmp

Filesize
960KB

Download
memory/1144-9-0x0000000077583000-0x0000000077584000-memory.dmp

Filesize
4KB

Download
memory/1144-2-0x0000000002180000-0x0000000002184000-memory.dmp

Filesize
16KB

Download
memory/1144-3-0x00000000021C0000-0x00000000021F9000-memory.dmp

Filesize
228KB

Download
memory/1144-6-0x0000000077592000-0x0000000077593000-memory.dmp

Filesize
4KB

Download
memory/1144-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1144-12-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1144-20-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1144-19-0x0000000076EA0000-0x0000000076F90000-memory.dmp

Filesize
960KB

Download
memory/1144-17-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1144-18-0x00000000021C0000-0x00000000021F9000-memory.dmp

Filesize
228KB

Download
memory/3384-14-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

Filesize
4KB

Download
memory/3384-13-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download