Analysis
-
max time kernel
94s -
max time network
115s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
28/02/2024, 01:47
General
-
Target
692f98dc8b4c469b4a7454ab7812a2bf.exe
-
Size
479KB
-
MD5
692f98dc8b4c469b4a7454ab7812a2bf
-
SHA1
112ad87993b35386b18d8e3e6134e426875ae522
-
SHA256
77aa68732e0486217b4063ca663c2a1b8c9b444e87a423c91d2b6be6992938cc
-
SHA512
d2c61e42928b6d71d1ad53b121250acccad8853f1151b9a1ca805096e7fa28d3569fc2cb6a2c9d62087a3e80f407138fcfe5f90c40acc7484a444cbee806f993
-
SSDEEP
12288:bO4rfItL8HASJ1039q1G9zN0mrqQ3wA75UO:bO4rQtGAy1039hiQ3pVUO
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\692f98dc8b4c469b4a7454ab7812a2bf.exe"C:\Users\Admin\AppData\Local\Temp\692f98dc8b4c469b4a7454ab7812a2bf.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3047.tmp"C:\Users\Admin\AppData\Local\Temp\3047.tmp" --helpC:\Users\Admin\AppData\Local\Temp\692f98dc8b4c469b4a7454ab7812a2bf.exe 23225643FD9194A38C191BF7851B3ADDAE8E8B1830D687A35748CC0DEAB66BDAE0F89996830C7B9AC16B7100651EC9ACC53BB33EEB74F169ADE5DC73E424CF082⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
479KB
MD5fe44fc9f6584e1a0247ff4eb33f88ff6
SHA1945ab80ebb3bb92b1a1468b3c745efbf10c83778
SHA256800bf77dfd7c2344dedd3998e255a0c719886fd974beef7c33ee80a123003fa9
SHA51219f6efe927cb5263c9e2de2fe444faf2ed1d2c69641ea0a7e80704ba0cc5c4719056ded22735cb44d1ca659638100a36c0dee0900e48cc8dd03889492a0b37e5