Analysis
-
max time kernel
93s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
25/02/2024, 14:37
General
-
Target
a409abd79cc71db29f6843011eeccc61.exe
-
Size
80KB
-
MD5
a409abd79cc71db29f6843011eeccc61
-
SHA1
2270b28a86ff82f190822f5affcce27d122f6280
-
SHA256
bc5068d095aaf0f1faa2994d6ce018371630fbae985c744c4e7a38f4e5b00ae7
-
SHA512
712d0bcba2ce402649316214c2a744b1acb21b2db6676fe9a05eb0fa7c19d3b3c24dd0c67be9b5c13ffbf12f8559f43e6c88ff158ac1ac0cba5688d2d9b9d635
-
SSDEEP
768:1cuFHOp4agS24GTB3fU3uW7to1RuchFB1m/S2cjT2tDXv+Q:7rRS27fU3ho1RZFB1m/HcjUm
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in System32 directory 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\a409abd79cc71db29f6843011eeccc61.exe"C:\Users\Admin\AppData\Local\Temp\a409abd79cc71db29f6843011eeccc61.exe"2⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\z.exeC:\Windows\z.exe @C:\Users\Admin\AppData\Local\Temp\a409abd79cc71db29f6843011eeccc61.exe@8243⤵
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
80KB
MD5a409abd79cc71db29f6843011eeccc61
SHA12270b28a86ff82f190822f5affcce27d122f6280
SHA256bc5068d095aaf0f1faa2994d6ce018371630fbae985c744c4e7a38f4e5b00ae7
SHA512712d0bcba2ce402649316214c2a744b1acb21b2db6676fe9a05eb0fa7c19d3b3c24dd0c67be9b5c13ffbf12f8559f43e6c88ff158ac1ac0cba5688d2d9b9d635