Analysis
- Max time kernel: 142s
- Max time network: 125s
- Platform: windows7_x64
- Resource: win7-20240221-en
- Resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- Submitted: 22/02/2024, 20:22
Static task: static1
Behavioral task: behavioral1
  Sample: CustomRP.1.17.20.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: CustomRP.1.17.20.exe
  Resource: win10v2004-20240221-en
General
- Target: CustomRP.1.17.20.exe
- Size: 6.3MB
- MD5: cc080cc12cd5372be2610f6038fae99b
- SHA1: 2347c627519578d180fb9fd9bf44b7f3f0be8ff9
- SHA256: 8be0a8ba506a52d5cd53738635400ef35217ea3bf5ffceba8bc254a770b589fd
- SHA512: 96499d31c65dd13b7d9eb86be1f2c7abc602063e5941a7b067814dc6c67bead65ceed1c6dac64dbab59035d51e1b90056591fcbde93b63f8adb64d88094ed93c
- SSDEEP: 196608:OVrrMxrPT5cYVNCuK3Wh0AO5KtTHCx7h+:prr+YVNCuK3xAOott
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid | Process
  2216 | CustomRP.1.17.20.tmp
- Loads dropped DLL (1 IoC)
  pid | Process
  2820 | CustomRP.1.17.20.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid | Process
  2216 | CustomRP.1.17.20.tmp
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 2820 wrote to memory of 2216 | 2820 | CustomRP.1.17.20.exe | 28
  PID 2820 wrote to memory of 2216 | 2820 | CustomRP.1.17.20.exe | 28
  PID 2820 wrote to memory of 2216 | 2820 | CustomRP.1.17.20.exe | 28
  PID 2820 wrote to memory of 2216 | 2820 | CustomRP.1.17.20.exe | 28
  PID 2820 wrote to memory of 2216 | 2820 | CustomRP.1.17.20.exe | 28
  PID 2820 wrote to memory of 2216 | 2820 | CustomRP.1.17.20.exe | 28
  PID 2820 wrote to memory of 2216 | 2820 | CustomRP.1.17.20.exe | 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.20.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.20.exe"
   PID: 2820
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\is-5N88C.tmp\CustomRP.1.17.20.tmp (child of PID 2820)
      Command line: "C:\Users\Admin\AppData\Local\Temp\is-5N88C.tmp\CustomRP.1.17.20.tmp" /SL5="$7011E,5484192,1081856,C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.20.exe"
      PID: 2216
      - Executes dropped EXE
      - Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 310KB
  MD5: f7ba41905e662677693a91ef6fba2f05
  SHA1: 441a13d49203643d89017bb7bcefd81c52c88457
  SHA256: 0a7296f78fb32fa5584ee2c525e785a926652d527643781ecb1d4c636692b9dc
  SHA512: 8a9f4e45dc60933da24ca152e123fce1e0d160c4f2dda162be8ca9efbd8f9d541c1b3a49d2dab55e23e73dc88ef66f344bdafbaa12c0ac9accb76666bd353128
- Filesize: 448KB
  MD5: ae797b922f869db23978e6e7074af40d
  SHA1: 8aca07927d3d27f9400f2845aef507cf9461bbeb
  SHA256: 190f4c89821dc246ff73e238f9e50366e5f90b5558ad990acbc28922bef4b321
  SHA512: 6e32bb059a1eb93982318497932f5b329cba1b5287ee7f6cf9320d473fc4810b544ad792de79c5a32a89aeb58809b4103510d4b10632982391973ed80b6cedbc