efdbd6e943851e29e6add5766cb4e9c2f49c97ccd213f77d812d317e1cc91fa7

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 19:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

acb17b6e0c74457838be8297c454a6ba.exe
Size

301KB
MD5

acb17b6e0c74457838be8297c454a6ba
SHA1

2a0c3f36dd8b2cf15514ba7561145f316dae7fa7
SHA256

efdbd6e943851e29e6add5766cb4e9c2f49c97ccd213f77d812d317e1cc91fa7
SHA512

53f7fbc5302aa808dc1325d4000174fd47f91aa7ca15ad5ed4167f625faa943b18337d50b5a217b2b756a4ead5c233cfbee23f5a757d083de431f8b0e978d14c
SSDEEP

6144:KJEYERqaQiEYixXAkmOgoUpMEEdlntRb5A+na4S3K9EQwS:Y5+qntJxjfg5mxdltZ5A+na42QwS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2196	svohst.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\svohst.exe	acb17b6e0c74457838be8297c454a6ba.exe
File opened for modification	C:\Windows\SysWOW64\svohst.exe	acb17b6e0c74457838be8297c454a6ba.exe
File created	C:\Windows\SysWOW64\svohst.exe	svohst.exe
File created	C:\Windows\SysWOW64\Deleteme.bat	svohst.exe
File created	C:\Windows\SysWOW64\Deleteme.bat	acb17b6e0c74457838be8297c454a6ba.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 4752	2196	svohst.exe	92
PID 2196 wrote to memory of 4752	2196	svohst.exe	92
PID 2196 wrote to memory of 4752	2196	svohst.exe	92
PID 3792 wrote to memory of 2420	3792	acb17b6e0c74457838be8297c454a6ba.exe	94
PID 3792 wrote to memory of 2420	3792	acb17b6e0c74457838be8297c454a6ba.exe	94
PID 3792 wrote to memory of 2420	3792	acb17b6e0c74457838be8297c454a6ba.exe	94

C:\Users\Admin\AppData\Local\Temp\acb17b6e0c74457838be8297c454a6ba.exe
"C:\Users\Admin\AppData\Local\Temp\acb17b6e0c74457838be8297c454a6ba.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3792
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\system32\Deleteme.bat
  2⤵
  PID:2420

C:\Windows\SysWOW64\svohst.exe
C:\Windows\SysWOW64\svohst.exe -NetSata
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\system32\Deleteme.bat
  2⤵
  PID:4752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Deleteme.bat

Filesize
184B

MD5
55d09da5d334d57c3aa166c9f12e1118

SHA1
addc20d79c912041508c474318fc272ae8885a56

SHA256
ae5542319ee1e7806ea518539fb5d99f9a9e7137e981c5a15d47b6f516610df8

SHA512
7b22629998c80252a91573140f6ed552675557654d8c3a79404ac7c38adf805ed9f0f0d4ff60b378c420b4de1d741bce56132dc5c9e2d8d568e485246e964413

Download Submit
C:\Windows\SysWOW64\Deleteme.bat

Filesize
104B

MD5
2eec7e3ae21b6acc8fb8cf0a2f7323aa

SHA1
0e6a8a87b7c2848ffec860a6955a44a2c166ad9b

SHA256
78d9742426f406d30f8379f240e595b8ab937b48bc9b0b5099e7e9ecfaa9fac2

SHA512
e13fae2b008a4eb4b88ade4e516d8c8d2521c1c88b53fd4f62863673ade296e708c5b128f1b5b79b18d78f0ed3c94a892207841b664c057a2617ab97aa8bf281

Download Submit
C:\Windows\SysWOW64\svohst.exe

Filesize
301KB

MD5
acb17b6e0c74457838be8297c454a6ba

SHA1
2a0c3f36dd8b2cf15514ba7561145f316dae7fa7

SHA256
efdbd6e943851e29e6add5766cb4e9c2f49c97ccd213f77d812d317e1cc91fa7

SHA512
53f7fbc5302aa808dc1325d4000174fd47f91aa7ca15ad5ed4167f625faa943b18337d50b5a217b2b756a4ead5c233cfbee23f5a757d083de431f8b0e978d14c

Download Submit
memory/2196-5-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/2196-8-0x0000000000400000-0x0000000000480039-memory.dmp

Filesize
512KB

Download
memory/3792-0-0x0000000000400000-0x0000000000480039-memory.dmp

Filesize
512KB

Download
memory/3792-1-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/3792-12-0x0000000000400000-0x0000000000480039-memory.dmp

Filesize
512KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads