Resubmissions

23/02/2024, 09:52

240223-lwhdkafa24 8

Analysis

  • max time kernel
    147s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/02/2024, 09:52

General

  • Target

    CustomRP.1.17.20.exe

  • Size

    6.3MB

  • MD5

    cc080cc12cd5372be2610f6038fae99b

  • SHA1

    2347c627519578d180fb9fd9bf44b7f3f0be8ff9

  • SHA256

    8be0a8ba506a52d5cd53738635400ef35217ea3bf5ffceba8bc254a770b589fd

  • SHA512

    96499d31c65dd13b7d9eb86be1f2c7abc602063e5941a7b067814dc6c67bead65ceed1c6dac64dbab59035d51e1b90056591fcbde93b63f8adb64d88094ed93c

  • SSDEEP

    196608:OVrrMxrPT5cYVNCuK3Wh0AO5KtTHCx7h+:prr+YVNCuK3xAOott

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.20.exe
    "C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.20.exe"
    • Suspicious use of WriteProcessMemory
    PID:5104
    • C:\Users\Admin\AppData\Local\Temp\is-T9UJ1.tmp\CustomRP.1.17.20.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-T9UJ1.tmp\CustomRP.1.17.20.tmp" /SL5="$80090,5484192,1081856,C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.20.exe"
      • Executes dropped EXE
      PID:1104

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-T9UJ1.tmp\CustomRP.1.17.20.tmp

          Filesize

          3.3MB

          MD5

          0fb8cc7beee2d6899ea8a4a0856164a9

          SHA1

          d2a90065ca504db5bdae05d27329ace677669fac

          SHA256

          250996fc58e740424f7e7d269432ac60878e483f887d1d696e27e4b3369367af

          SHA512

          0a4df4497a3b5611b1cf7cf71b5444befb5705a3de0e4e20dc95d3e58d5e2e4382b3def4b0ef72d6d55e921c512565c8aea20dda9c67cc205a0e57195fee54c5

        • memory/1104-5-0x0000000000970000-0x0000000000971000-memory.dmp

          Filesize

          4KB

        • memory/1104-8-0x0000000000400000-0x0000000000751000-memory.dmp

          Filesize

          3.3MB

        • memory/1104-11-0x0000000000970000-0x0000000000971000-memory.dmp

          Filesize

          4KB

        • memory/5104-0-0x0000000000400000-0x0000000000515000-memory.dmp

          Filesize

          1.1MB

        • memory/5104-7-0x0000000000400000-0x0000000000515000-memory.dmp

          Filesize

          1.1MB