Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240226-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    29-02-2024 00:59

General

  • Target

    ad4adf79a84772a0e2d4cc71ff2d8100.exe

  • Size

    1.9MB

  • MD5

    ad4adf79a84772a0e2d4cc71ff2d8100

  • SHA1

    600032d4e3da040d7f7c03e19038e8ed980e17b5

  • SHA256

    8400ad2dfa4b8409a76a7b45fc3701a88484959bd16fb8045572c40ebe4043a8

  • SHA512

    4cc4bf801c6cb29aee7100472d3ca7746cbd1bcfb654f8f0be879c45267bc2bf8df964f93f6e97a6df1df4aaa3a85fecef3629796855148f39fc3913af5da38e

  • SSDEEP

    49152:Qoa1taC070d1Vk22pDIFE6EhyMW8/DpVgYohZj1:Qoa1taC0OVkZDIF3LAlVgYohZB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad4adf79a84772a0e2d4cc71ff2d8100.exe
    "C:\Users\Admin\AppData\Local\Temp\ad4adf79a84772a0e2d4cc71ff2d8100.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Users\Admin\AppData\Local\Temp\8201.tmp
      "C:\Users\Admin\AppData\Local\Temp\8201.tmp" --splashC:\Users\Admin\AppData\Local\Temp\ad4adf79a84772a0e2d4cc71ff2d8100.exe D53117A87557FD9C4DC1D3C64D00DBEB9B64284C6B9ACFFF09B9CD62B0378A890D0E9F9C88EAA9EA90E1E9CE5DB69C959A9FE1D263854A91E6C64F1FA54C6522
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4924

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8201.tmp

    Filesize

    706KB

    MD5

    9f99f08af81b6dcf869d441737a498a4

    SHA1

    249ec2c84313f85094bbd5d89ed49e853a103cb5

    SHA256

    10ead22bf86bcf1d75e3a11b3ce244562ded6b2745d1fa502349631ec334aaf2

    SHA512

    9c5969a3d40077083619891e62462e09b08791698abb4f0991916fd448a384b332957b3b6400501a1884e16fce69aae31523f2f3f8c0d037fb4d9cdb20556068

  • C:\Users\Admin\AppData\Local\Temp\8201.tmp

    Filesize

    517KB

    MD5

    9ac782cb9be39b73947ffe4afe494e04

    SHA1

    72a432c839fa4ab2eec3fade8265aad24ef8934b

    SHA256

    71e5549091731cb0df1013c4dfd8e1f049e66d71395d0479e6758afc076d703f

    SHA512

    0b5422a861e8f81448524ca732c179edf619e2c35b74682b1e7159e7635065b994fc069d9b36213b021dd9966cd0737b90bfad790a33e4676ca16aa152c9158b

  • memory/2976-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

  • memory/4924-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB