Resubmissions
23/02/2024, 09:52  240223-lwhdkafa24  8  Analysis
max time kernel: 147s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23/02/2024, 09:52
Static task: static1
Behavioral task: behavioral1
  Sample: CustomRP.1.17.20.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: CustomRP.1.17.20.exe
  Resource: win10v2004-20240221-en
General
Target: CustomRP.1.17.20.exe
Size: 6.3MB
MD5: cc080cc12cd5372be2610f6038fae99b
SHA1: 2347c627519578d180fb9fd9bf44b7f3f0be8ff9
SHA256: 8be0a8ba506a52d5cd53738635400ef35217ea3bf5ffceba8bc254a770b589fd
SHA512: 96499d31c65dd13b7d9eb86be1f2c7abc602063e5941a7b067814dc6c67bead65ceed1c6dac64dbab59035d51e1b90056591fcbde93b63f8adb64d88094ed93c
SSDEEP: 196608:OVrrMxrPT5cYVNCuK3Wh0AO5KtTHCx7h+:prr+YVNCuK3xAOott
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  1104  CustomRP.1.17.20.tmp
Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process               procid_target
  PID 5104 wrote to memory of 1104   5104  CustomRP.1.17.20.exe  86
  PID 5104 wrote to memory of 1104   5104  CustomRP.1.17.20.exe  86
  PID 5104 wrote to memory of 1104   5104  CustomRP.1.17.20.exe  86
Processes
1. C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.20.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.20.exe"
   Suspicious use of WriteProcessMemory
   PID: 5104
   2. C:\Users\Admin\AppData\Local\Temp\is-T9UJ1.tmp\CustomRP.1.17.20.tmp
      Command line: "C:\Users\Admin\AppData\Local\Temp\is-T9UJ1.tmp\CustomRP.1.17.20.tmp" /SL5="$80090,5484192,1081856,C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.20.exe"
      Executes dropped EXE
      PID: 1104
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3.3MB
MD5: 0fb8cc7beee2d6899ea8a4a0856164a9
SHA1: d2a90065ca504db5bdae05d27329ace677669fac
SHA256: 250996fc58e740424f7e7d269432ac60878e483f887d1d696e27e4b3369367af
SHA512: 0a4df4497a3b5611b1cf7cf71b5444befb5705a3de0e4e20dc95d3e58d5e2e4382b3def4b0ef72d6d55e921c512565c8aea20dda9c67cc205a0e57195fee54c5