5edad3dbcb407ecff04685029d555332d0694a7805f0dd670cc8212fb983d04e

Analysis

max time kernel
143s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 02:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9842b55031933addd9bb7b24002df5bb.exe
Size

1.9MB
MD5

9842b55031933addd9bb7b24002df5bb
SHA1

67e973282e217492a06cecbf8edccd142d38b6a9
SHA256

5edad3dbcb407ecff04685029d555332d0694a7805f0dd670cc8212fb983d04e
SHA512

1e5f84a273a4bfe777cdbd609c0eb8284cae7533a2cc88bb16b721dbaf31e25ce4f8edebe2c1a7c9c5eecdbaf15acc37462eacc42b5aff1fae1d08ff4dc5a1ef
SSDEEP

49152:5aXBR9Q9nyHjRNTGODSEL9TepXUDXiWsVKlOinXBgJ:QRRSSRlDSEBTqUDyWs6RgJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2520	9842b55031933addd9bb7b24002df5bb.tmp

Loads dropped DLL 1 IoCs

pid	Process
2520	9842b55031933addd9bb7b24002df5bb.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 2520	1468	9842b55031933addd9bb7b24002df5bb.exe	84
PID 1468 wrote to memory of 2520	1468	9842b55031933addd9bb7b24002df5bb.exe	84
PID 1468 wrote to memory of 2520	1468	9842b55031933addd9bb7b24002df5bb.exe	84

C:\Users\Admin\AppData\Local\Temp\9842b55031933addd9bb7b24002df5bb.exe
"C:\Users\Admin\AppData\Local\Temp\9842b55031933addd9bb7b24002df5bb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Users\Admin\AppData\Local\Temp\is-1KQQT.tmp\9842b55031933addd9bb7b24002df5bb.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-1KQQT.tmp\9842b55031933addd9bb7b24002df5bb.tmp" /SL5="$50232,1560996,54272,C:\Users\Admin\AppData\Local\Temp\9842b55031933addd9bb7b24002df5bb.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-1KQQT.tmp\9842b55031933addd9bb7b24002df5bb.tmp

Filesize
688KB

MD5
c765336f0dcf4efdcc2101eed67cd30c

SHA1
fa0279f59738c5aa3b6b20106e109ccd77f895a7

SHA256
c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28

SHA512
06a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RETI0.tmp\Games.inf

Filesize
217B

MD5
2b97c34497d4b60f69f957cffe948616

SHA1
914e968eb72dedca7ea8350ba91401d296a65d21

SHA256
0918a68e92c086e6c0f9aed9e37f9aa715da4966cbd6aa5413807f2849e7311a

SHA512
6f36864709e572b8b00f26cd02c6cb9f484ea403f85a94e4afa29db2cc44bb4f135994a827cd19744960c2fa137bef8077c708ee05b60c154f33cda9da6c866e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RETI0.tmp\isxdl.dll

Filesize
49KB

MD5
02ecc74f7f91e9ffd84de708683236a6

SHA1
3532de0b77df8b0fc89e9c7eddec3fa71f98f5a2

SHA256
30ad8a0e1cee091ca48c771adb2e76baf1a7d54b9f60dc47f54dfdc2d6f6691e

SHA512
a3fdaa651f82428395bc412a2a04fce673768d3ef088b3748addf337d95464eb141ae7c286bff5c705eae05dd7b38207629588ae7e89ada15269463cd7acf541

Download Submit
memory/1468-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1468-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1468-30-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2520-7-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/2520-31-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2520-34-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads