02fa7890063520b02768e825a46493f87093314bec43783632fd79b7d4a32fa2

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 07:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ab499a660cca20284dea8a723935118f.exe
Size

160KB
MD5

ab499a660cca20284dea8a723935118f
SHA1

6110b6fae0330e5630edf019e13de3166a314092
SHA256

02fa7890063520b02768e825a46493f87093314bec43783632fd79b7d4a32fa2
SHA512

171008ffa2fff5a7e0bdd047d3fab27647e2fe885449b14bd01fe4e1a7ade04bb3035cdc2b76c023367386fc9b6cce7690c9c98501e8cef5e2a5df98281c098e
SSDEEP

3072:DHapNRtkAfTiEo5Yg5zXqq5ZUrp7uTuWocYWER8BLLNVi73eR8greqb88:DHapNR+MWEoug3I7uoWEOLHE3e3rDD

Score

1^/10

Malware Config

Signatures

Suspicious behavior: RenamesItself 19 IoCs

pid	Process
4588	ab499a660cca20284dea8a723935118f.exe
4928	cgqnssztlcq.exe
3380	fpzh.exe
2468	ixts.exe
1132	xqbdwfiyujlf.exe
3068	joytrxud.exe
456	swtlazhgsqtlt.exe
4568	umgyqcl.exe
2028	mqoznztzbntp.exe
4584	jcafwiptjsmq.exe
4592	zgtal.exe
724	plbla.exe
4844	kduk.exe
2244	acdicrhdos.exe
4356	ozbeaaxn.exe
4988	dwkunymvp.exe
4708	ldayajmcguheq.exe
4224	adxm.exe
3448	owrg.exe

Suspicious use of WriteProcessMemory 57 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 4928	4588	ab499a660cca20284dea8a723935118f.exe	95
PID 4588 wrote to memory of 4928	4588	ab499a660cca20284dea8a723935118f.exe	95
PID 4588 wrote to memory of 4928	4588	ab499a660cca20284dea8a723935118f.exe	95
PID 4928 wrote to memory of 3380	4928	cgqnssztlcq.exe	96
PID 4928 wrote to memory of 3380	4928	cgqnssztlcq.exe	96
PID 4928 wrote to memory of 3380	4928	cgqnssztlcq.exe	96
PID 3380 wrote to memory of 2468	3380	fpzh.exe	97
PID 3380 wrote to memory of 2468	3380	fpzh.exe	97
PID 3380 wrote to memory of 2468	3380	fpzh.exe	97
PID 2468 wrote to memory of 1132	2468	ixts.exe	100
PID 2468 wrote to memory of 1132	2468	ixts.exe	100
PID 2468 wrote to memory of 1132	2468	ixts.exe	100
PID 1132 wrote to memory of 3068	1132	xqbdwfiyujlf.exe	102
PID 1132 wrote to memory of 3068	1132	xqbdwfiyujlf.exe	102
PID 1132 wrote to memory of 3068	1132	xqbdwfiyujlf.exe	102
PID 3068 wrote to memory of 456	3068	joytrxud.exe	103
PID 3068 wrote to memory of 456	3068	joytrxud.exe	103
PID 3068 wrote to memory of 456	3068	joytrxud.exe	103
PID 456 wrote to memory of 4568	456	swtlazhgsqtlt.exe	104
PID 456 wrote to memory of 4568	456	swtlazhgsqtlt.exe	104
PID 456 wrote to memory of 4568	456	swtlazhgsqtlt.exe	104
PID 4568 wrote to memory of 2028	4568	umgyqcl.exe	105
PID 4568 wrote to memory of 2028	4568	umgyqcl.exe	105
PID 4568 wrote to memory of 2028	4568	umgyqcl.exe	105
PID 2028 wrote to memory of 4584	2028	mqoznztzbntp.exe	106
PID 2028 wrote to memory of 4584	2028	mqoznztzbntp.exe	106
PID 2028 wrote to memory of 4584	2028	mqoznztzbntp.exe	106
PID 4584 wrote to memory of 4592	4584	jcafwiptjsmq.exe	107
PID 4584 wrote to memory of 4592	4584	jcafwiptjsmq.exe	107
PID 4584 wrote to memory of 4592	4584	jcafwiptjsmq.exe	107
PID 4592 wrote to memory of 724	4592	zgtal.exe	108
PID 4592 wrote to memory of 724	4592	zgtal.exe	108
PID 4592 wrote to memory of 724	4592	zgtal.exe	108
PID 724 wrote to memory of 4844	724	plbla.exe	109
PID 724 wrote to memory of 4844	724	plbla.exe	109
PID 724 wrote to memory of 4844	724	plbla.exe	109
PID 4844 wrote to memory of 2244	4844	kduk.exe	110
PID 4844 wrote to memory of 2244	4844	kduk.exe	110
PID 4844 wrote to memory of 2244	4844	kduk.exe	110
PID 2244 wrote to memory of 4356	2244	acdicrhdos.exe	111
PID 2244 wrote to memory of 4356	2244	acdicrhdos.exe	111
PID 2244 wrote to memory of 4356	2244	acdicrhdos.exe	111
PID 4356 wrote to memory of 4988	4356	ozbeaaxn.exe	112
PID 4356 wrote to memory of 4988	4356	ozbeaaxn.exe	112
PID 4356 wrote to memory of 4988	4356	ozbeaaxn.exe	112
PID 4988 wrote to memory of 4708	4988	dwkunymvp.exe	113
PID 4988 wrote to memory of 4708	4988	dwkunymvp.exe	113
PID 4988 wrote to memory of 4708	4988	dwkunymvp.exe	113
PID 4708 wrote to memory of 4224	4708	ldayajmcguheq.exe	114
PID 4708 wrote to memory of 4224	4708	ldayajmcguheq.exe	114
PID 4708 wrote to memory of 4224	4708	ldayajmcguheq.exe	114
PID 4224 wrote to memory of 3448	4224	adxm.exe	115
PID 4224 wrote to memory of 3448	4224	adxm.exe	115
PID 4224 wrote to memory of 3448	4224	adxm.exe	115
PID 3448 wrote to memory of 2524	3448	owrg.exe	116
PID 3448 wrote to memory of 2524	3448	owrg.exe	116
PID 3448 wrote to memory of 2524	3448	owrg.exe	116

C:\Users\Admin\AppData\Local\Temp\ab499a660cca20284dea8a723935118f.exe
"C:\Users\Admin\AppData\Local\Temp\ab499a660cca20284dea8a723935118f.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Windows\SysWOW64\cgqnssztlcq.exe
  C:\Windows\system32\cgqnssztlcq.exe
  2⤵
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  PID:4928
- - C:\Windows\SysWOW64\fpzh.exe
    C:\Windows\system32\fpzh.exe
    3⤵
    - Suspicious behavior: RenamesItself
    - Suspicious use of WriteProcessMemory
    PID:3380
  - - C:\Windows\SysWOW64\ixts.exe
      C:\Windows\system32\ixts.exe
      4⤵
      Suspicious behavior: RenamesItself
      Suspicious use of WriteProcessMemory
      PID:2468
    - - C:\Windows\SysWOW64\xqbdwfiyujlf.exe
        
        C:\Windows\system32\xqbdwfiyujlf.exe
        5⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:1132
      - C:\Windows\SysWOW64\joytrxud.exe
        
        C:\Windows\system32\joytrxud.exe
        6⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:3068
        
        C:\Windows\SysWOW64\swtlazhgsqtlt.exe
        
        C:\Windows\system32\swtlazhgsqtlt.exe
        7⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:456
        
        C:\Windows\SysWOW64\umgyqcl.exe
        
        C:\Windows\system32\umgyqcl.exe
        8⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:4568
        
        C:\Windows\SysWOW64\mqoznztzbntp.exe
        
        C:\Windows\system32\mqoznztzbntp.exe
        9⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:2028
        
        C:\Windows\SysWOW64\jcafwiptjsmq.exe
        
        C:\Windows\system32\jcafwiptjsmq.exe
        10⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:4584
        
        C:\Windows\SysWOW64\zgtal.exe
        
        C:\Windows\system32\zgtal.exe
        11⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:4592
        
        C:\Windows\SysWOW64\plbla.exe
        
        C:\Windows\system32\plbla.exe
        12⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:724
        
        C:\Windows\SysWOW64\kduk.exe
        
        C:\Windows\system32\kduk.exe
        13⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:4844
        
        C:\Windows\SysWOW64\acdicrhdos.exe
        
        C:\Windows\system32\acdicrhdos.exe
        14⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:2244
        
        C:\Windows\SysWOW64\ozbeaaxn.exe
        
        C:\Windows\system32\ozbeaaxn.exe
        15⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:4356
        
        C:\Windows\SysWOW64\dwkunymvp.exe
        
        C:\Windows\system32\dwkunymvp.exe
        16⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:4988
        
        C:\Windows\SysWOW64\ldayajmcguheq.exe
        
        C:\Windows\system32\ldayajmcguheq.exe
        17⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:4708
        
        C:\Windows\SysWOW64\adxm.exe
        
        C:\Windows\system32\adxm.exe
        18⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:4224
        
        C:\Windows\SysWOW64\owrg.exe
        
        C:\Windows\system32\owrg.exe
        19⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:3448
        
        C:\Windows\SysWOW64\pbuzoapwd.exe
        
        C:\Windows\system32\pbuzoapwd.exe
        20⤵
        
        PID:2524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1132-53-0x0000000003770000-0x0000000003771000-memory.dmp

Filesize
4KB

Download
memory/1132-48-0x0000000003650000-0x0000000003651000-memory.dmp

Filesize
4KB

Download
memory/1132-51-0x0000000003790000-0x0000000003791000-memory.dmp

Filesize
4KB

Download
memory/1132-50-0x0000000003610000-0x0000000003611000-memory.dmp

Filesize
4KB

Download
memory/1132-49-0x0000000003690000-0x0000000003691000-memory.dmp

Filesize
4KB

Download
memory/1132-47-0x0000000003600000-0x0000000003601000-memory.dmp

Filesize
4KB

Download
memory/1132-46-0x0000000000470000-0x000000000048B000-memory.dmp

Filesize
108KB

Download
memory/1132-42-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1132-52-0x00000000036C0000-0x00000000036C1000-memory.dmp

Filesize
4KB

Download
memory/2468-39-0x0000000003790000-0x0000000003791000-memory.dmp

Filesize
4KB

Download
memory/2468-30-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2468-38-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/2468-37-0x0000000003690000-0x0000000003691000-memory.dmp

Filesize
4KB

Download
memory/2468-41-0x0000000003770000-0x0000000003771000-memory.dmp

Filesize
4KB

Download
memory/2468-36-0x0000000003650000-0x0000000003651000-memory.dmp

Filesize
4KB

Download
memory/2468-35-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/2468-57-0x0000000000590000-0x00000000005AB000-memory.dmp

Filesize
108KB

Download
memory/2468-34-0x0000000000590000-0x00000000005AB000-memory.dmp

Filesize
108KB

Download
memory/2468-55-0x00000000037B0000-0x00000000037B1000-memory.dmp

Filesize
4KB

Download
memory/2468-40-0x00000000036C0000-0x00000000036C1000-memory.dmp

Filesize
4KB

Download
memory/2468-56-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3068-59-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/3068-54-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3068-63-0x00000000037A0000-0x00000000037A1000-memory.dmp

Filesize
4KB

Download
memory/3068-61-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/3068-62-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/3068-60-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/3068-58-0x0000000000580000-0x000000000059B000-memory.dmp

Filesize
108KB

Download
memory/3380-44-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3380-25-0x0000000003690000-0x0000000003691000-memory.dmp

Filesize
4KB

Download
memory/3380-29-0x0000000003770000-0x0000000003771000-memory.dmp

Filesize
4KB

Download
memory/3380-45-0x0000000000470000-0x000000000048B000-memory.dmp

Filesize
108KB

Download
memory/3380-43-0x00000000037B0000-0x00000000037B1000-memory.dmp

Filesize
4KB

Download
memory/3380-26-0x00000000004C0000-0x00000000004C1000-memory.dmp

Filesize
4KB

Download
memory/3380-18-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3380-22-0x0000000000470000-0x000000000048B000-memory.dmp

Filesize
108KB

Download
memory/3380-28-0x00000000036C0000-0x00000000036C1000-memory.dmp

Filesize
4KB

Download
memory/3380-27-0x0000000003790000-0x0000000003791000-memory.dmp

Filesize
4KB

Download
memory/3380-24-0x0000000003650000-0x0000000003651000-memory.dmp

Filesize
4KB

Download
memory/3380-23-0x00000000004B0000-0x00000000004B1000-memory.dmp

Filesize
4KB

Download
memory/4588-21-0x00000000004C0000-0x00000000004DB000-memory.dmp

Filesize
108KB

Download
memory/4588-8-0x0000000003770000-0x0000000003771000-memory.dmp

Filesize
4KB

Download
memory/4588-7-0x00000000036C0000-0x00000000036C1000-memory.dmp

Filesize
4KB

Download
memory/4588-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4588-19-0x00000000037B0000-0x00000000037B1000-memory.dmp

Filesize
4KB

Download
memory/4588-20-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4588-6-0x0000000003790000-0x0000000003791000-memory.dmp

Filesize
4KB

Download
memory/4588-4-0x0000000003690000-0x0000000003691000-memory.dmp

Filesize
4KB

Download
memory/4588-5-0x0000000000500000-0x0000000000501000-memory.dmp

Filesize
4KB

Download
memory/4588-3-0x0000000003650000-0x0000000003651000-memory.dmp

Filesize
4KB

Download
memory/4588-2-0x00000000004F0000-0x00000000004F1000-memory.dmp

Filesize
4KB

Download
memory/4588-1-0x00000000004C0000-0x00000000004DB000-memory.dmp

Filesize
108KB

Download
memory/4928-16-0x00000000036C0000-0x00000000036C1000-memory.dmp

Filesize
4KB

Download
memory/4928-31-0x00000000037B0000-0x00000000037B1000-memory.dmp

Filesize
4KB

Download
memory/4928-32-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4928-33-0x0000000000540000-0x000000000055B000-memory.dmp

Filesize
108KB

Download
memory/4928-17-0x0000000003770000-0x0000000003771000-memory.dmp

Filesize
4KB

Download
memory/4928-15-0x0000000003790000-0x0000000003791000-memory.dmp

Filesize
4KB

Download
memory/4928-13-0x0000000003690000-0x0000000003691000-memory.dmp

Filesize
4KB

Download
memory/4928-14-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/4928-11-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/4928-12-0x0000000003650000-0x0000000003651000-memory.dmp

Filesize
4KB

Download
memory/4928-10-0x0000000000540000-0x000000000055B000-memory.dmp

Filesize
108KB

Download
memory/4928-9-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads