Analysis
- max time kernel: 146s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29-02-2024 00:59
Static task
- static1

Behavioral task
- behavioral1
  Sample: ad4adf79a84772a0e2d4cc71ff2d8100.exe
  Resource: win7-20240221-en

Behavioral task
- behavioral2
  Sample: ad4adf79a84772a0e2d4cc71ff2d8100.exe
  Resource: win10v2004-20240226-en
General
- Target: ad4adf79a84772a0e2d4cc71ff2d8100.exe
- Size: 1.9MB
- MD5: ad4adf79a84772a0e2d4cc71ff2d8100
- SHA1: 600032d4e3da040d7f7c03e19038e8ed980e17b5
- SHA256: 8400ad2dfa4b8409a76a7b45fc3701a88484959bd16fb8045572c40ebe4043a8
- SHA512: 4cc4bf801c6cb29aee7100472d3ca7746cbd1bcfb654f8f0be879c45267bc2bf8df964f93f6e97a6df1df4aaa3a85fecef3629796855148f39fc3913af5da38e
- SSDEEP: 49152:Qoa1taC070d1Vk22pDIFE6EhyMW8/DpVgYohZj1:Qoa1taC0OVkZDIF3LAlVgYohZB
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid: 4924, Process: 8201.tmp
- Executes dropped EXE (1 IoCs)
  pid: 4924, Process: 8201.tmp
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 2976 wrote to memory of 4924, pid: 2976, Process: ad4adf79a84772a0e2d4cc71ff2d8100.exe, procid_target: 90
  description: PID 2976 wrote to memory of 4924, pid: 2976, Process: ad4adf79a84772a0e2d4cc71ff2d8100.exe, procid_target: 90
  description: PID 2976 wrote to memory of 4924, pid: 2976, Process: ad4adf79a84772a0e2d4cc71ff2d8100.exe, procid_target: 90
Processes
- C:\Users\Admin\AppData\Local\Temp\ad4adf79a84772a0e2d4cc71ff2d8100.exe
  "C:\Users\Admin\AppData\Local\Temp\ad4adf79a84772a0e2d4cc71ff2d8100.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2976
  - C:\Users\Admin\AppData\Local\Temp\8201.tmp
    "C:\Users\Admin\AppData\Local\Temp\8201.tmp" --splashC:\Users\Admin\AppData\Local\Temp\ad4adf79a84772a0e2d4cc71ff2d8100.exe D53117A87557FD9C4DC1D3C64D00DBEB9B64284C6B9ACFFF09B9CD62B0378A890D0E9F9C88EAA9EA90E1E9CE5DB69C959A9FE1D263854A91E6C64F1FA54C6522
    - Deletes itself
    - Executes dropped EXE
    PID: 4924
Network
MITRE ATT&CK Matrix
Downloads