Analysis
-
max time kernel
147s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
24/02/2024, 03:02
General
-
Target
a3df6e2031984aeea329fd145faa0d08.exe
-
Size
476KB
-
MD5
a3df6e2031984aeea329fd145faa0d08
-
SHA1
e0b243674f7233731e2d6dc45274f3b667c2af10
-
SHA256
f04acfe875191a4ddb25e7307648eb5fbf910e14032094fecfdd9de94e953327
-
SHA512
48c50979b3f3ba8022c56106e12dedca83476fe7a58d598fdbfa6650c0db9de554826178c8d1b7430425d4b71341f35e3a995fe32882a422f29393480acfdb59
-
SSDEEP
12288:aO4rfItL8HRN+PA76ea17GHF9r9ltq1SH8ygQ7K9wlsDpVFd:aO4rQtGRecFc7GHF1KyR+9wlsDpVFd
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a3df6e2031984aeea329fd145faa0d08.exe"C:\Users\Admin\AppData\Local\Temp\a3df6e2031984aeea329fd145faa0d08.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8C13.tmp"C:\Users\Admin\AppData\Local\Temp\8C13.tmp" --helpC:\Users\Admin\AppData\Local\Temp\a3df6e2031984aeea329fd145faa0d08.exe F97637F5D7BC680EAA693BB2707EE87BF535DFC448C3B311607D23B07DFA1B6F7C0222EDE0D8BA6CACCE32AF97F7CAA49CCE2620BC2E61C476E9D0A9B72927D52⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
476KB
MD5145ebe3b519f2807d999deb90f1ca7c0
SHA16023f2d45798c1d5bc021533b015d797e565497a
SHA256ecf8a80f7c3473cb99b2b46ae5e9dff9bb6b95de27b1a47e48bc0c5ed50a8fd3
SHA512ab385e72673f0e6266ada6781711ac5af87aaae8741b22e9207f26b13f090ee61fc7cf3513b8d6e7808c2b880b28bb95e6c52ea7286c8762028da45a01ab33d6