Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/02/2024, 02:34

General

  • Target

    ad7841a5878b1dfa75b05bb4d2b20eb0.exe

  • Size

    4.2MB

  • MD5

    ad7841a5878b1dfa75b05bb4d2b20eb0

  • SHA1

    59a129b87941e44246dc7f143ab4353bbd0f82e4

  • SHA256

    9d595e48793c40a85057d2c7a56fbc2acb925a2d083f1d19f654e7a57ffaf6b7

  • SHA512

    f41a53e7dc31ecfe2551d762c8a658dfb93df78fea6b3bc70cc89bfdb4c243c6ccf8631376d30435558c6e46c55e693e5d43aeeb19f2f37e01a7ea0f3f96f8b0

  • SSDEEP

    98304:Aw4EaKOz9QGCKP74FV8/63O2IHTH5Gvq3CqIkV03:AG2D7GV872STHUvqSBkV

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in System32 directory 3 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad7841a5878b1dfa75b05bb4d2b20eb0.exe
    "C:\Users\Admin\AppData\Local\Temp\ad7841a5878b1dfa75b05bb4d2b20eb0.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:4656
    • C:\Windows\SysWOW64\cmd.exe
      cmd / C:\DellPlung.exe
      2⤵
      PID:4692

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4656-0-0x0000000003200000-0x0000000003201000-memory.dmp
    Filesize: 4KB
  • memory/4656-6-0x0000000000400000-0x0000000001465000-memory.dmp
    Filesize: 16.4MB
  • memory/4656-8-0x0000000003200000-0x0000000003201000-memory.dmp
    Filesize: 4KB