Analysis
max time kernel: 146s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/02/2024, 02:43
Behavioral task behavioral1
Sample: ad7cbf61c46cf80a2178995f2952786a.exe
Resource: win7-20240221-en
Behavioral task behavioral2
Sample: ad7cbf61c46cf80a2178995f2952786a.exe
Resource: win10v2004-20240226-en
General
Target: ad7cbf61c46cf80a2178995f2952786a.exe
Size: 82KB
MD5: ad7cbf61c46cf80a2178995f2952786a
SHA1: 8e3baf98c244a91e10f7efbe9290ec39b9ea3ff3
SHA256: 3d6c4c3329c86e047de39d5378cbcdc7ad2e87690a7c4f993423035d7fb41547
SHA512: 127c7be2515ae0afc756e468d2c09769e4106d45d6caf9de14467dd8a04a2d5e715b47795c09865f0772d27b6558456ac03bbef1879f627b2261361df8ce3fed
SSDEEP: 1536:oYNAe9+fi4I+39FW7MpYRGnNmPRDc2OJADVmnQ7JiaiPR8yVCf:NutI17MpOYMRcHoqR76Wc
Malware Config
Signatures
YARA match (resource yara_rule): behavioral2/files/0x000700000002320b-6.dat matched rule aspack_v212_v242 (the rule name indicates the ASPack packer, versions 2.12 to 2.42)
Executes dropped EXE (1 IoC)
  pid 4620, process B77KJ467KJF7K
Suspicious use of WriteProcessMemory (3 IoCs)
  PID 2440 (ad7cbf61c46cf80a2178995f2952786a.exe) wrote to memory of PID 4620, procid_target 87
  PID 2440 (ad7cbf61c46cf80a2178995f2952786a.exe) wrote to memory of PID 4620, procid_target 87
  PID 2440 (ad7cbf61c46cf80a2178995f2952786a.exe) wrote to memory of PID 4620, procid_target 87
  Note: all three writes go from the sample into the child it has just spawned (PID 4620). A parent writing into a newly created child also happens during ordinary process creation, when the parent populates the child's process parameters, so on its own this signature does not show injection into an unrelated process; the dropped-file execution and the URL argument below are the stronger indicators.
Processes
1. C:\Users\Admin\AppData\Local\Temp\ad7cbf61c46cf80a2178995f2952786a.exe (PID 2440)
   command line: "C:\Users\Admin\AppData\Local\Temp\ad7cbf61c46cf80a2178995f2952786a.exe"
   signatures: Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\B77KJ467KJF7K (PID 4620)
      command line: C:\Users\Admin\AppData\Local\Temp\B77KJ467KJF7K "http://streamingporntv.com/inwm.data"
      signatures: Executes dropped EXE
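The process tree and the WriteProcessMemory IoCs above can be turned into a host-side detection. The following is an added example, not part of the sandbox report or of any Triage tooling: it runs over constructed Sysmon-style records (Event ID 1 ProcessCreate, Event ID 10 ProcessAccess) that mirror the chain recorded here, plus an explorer.exe parent, a firefox.exe control, PID 1234 and a GrantedAccess mask of PROCESS_ALL_ACCESS, all of which are assumptions. It flags a Temp-resident parent launching an extensionless Temp-resident child with a URL on its command line, and treats the parent-to-child memory write only as supporting evidence, for the reason given in the signature note.

```python
import ntpath
import re
from collections import defaultdict

# Paths under the per-user Temp directory, where both processes in the report ran.
TEMP_DIR = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
URL_ARG = re.compile(r"https?://\S+", re.I)
PROCESS_VM_WRITE = 0x0020  # access right needed to WriteProcessMemory into another process

# Constructed events modelled on the report's process tree and WriteProcessMemory
# IoCs (not captured from the page). Sysmon Event ID 1 = ProcessCreate,
# Event ID 10 = ProcessAccess. The explorer.exe parent, PIDs 1000/1234/5000, the
# GrantedAccess mask (0x1FFFFF, PROCESS_ALL_ACCESS) and the firefox.exe benign
# control are assumptions added for the example.
EVENTS = [
    {"EventID": 1, "ProcessId": 1234, "ParentProcessId": 1000,
     "Image": r"C:\Windows\explorer.exe", "ParentImage": r"C:\Windows\System32\userinit.exe",
     "CommandLine": r"C:\Windows\Explorer.EXE"},
    {"EventID": 1, "ProcessId": 2440, "ParentProcessId": 1234,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\ad7cbf61c46cf80a2178995f2952786a.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Users\Admin\AppData\Local\Temp\ad7cbf61c46cf80a2178995f2952786a.exe"'},
    {"EventID": 1, "ProcessId": 4620, "ParentProcessId": 2440,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\B77KJ467KJF7K",
     "ParentImage": r"C:\Users\Admin\AppData\Local\Temp\ad7cbf61c46cf80a2178995f2952786a.exe",
     "CommandLine": r'C:\Users\Admin\AppData\Local\Temp\B77KJ467KJF7K "http://streamingporntv.com/inwm.data"'},
    {"EventID": 10, "SourceProcessId": 2440, "TargetProcessId": 4620, "GrantedAccess": 0x1FFFFF},
    {"EventID": 10, "SourceProcessId": 2440, "TargetProcessId": 4620, "GrantedAccess": 0x1FFFFF},
    {"EventID": 10, "SourceProcessId": 2440, "TargetProcessId": 4620, "GrantedAccess": 0x1FFFFF},
    {"EventID": 1, "ProcessId": 5000, "ParentProcessId": 1234,
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Program Files\Mozilla Firefox\firefox.exe"'},
]


def find_temp_dropper_chains(events, min_reasons=3):
    """Return parent/child pairs that look like a Temp-resident dropper launching a
    dropped payload, together with the reasons each pair was flagged."""
    creates = {e["ProcessId"]: e for e in events if e["EventID"] == 1}
    # target pid -> set of source pids that opened it with write access
    writers = defaultdict(set)
    for e in events:
        if e["EventID"] == 10 and e["GrantedAccess"] & PROCESS_VM_WRITE:
            writers[e["TargetProcessId"]].add(e["SourceProcessId"])

    hits = []
    for pid, child in creates.items():
        parent = creates.get(child["ParentProcessId"])
        if parent is None:
            continue  # parent's creation was not observed; nothing to correlate
        reasons = []
        if TEMP_DIR.match(child["Image"]) and TEMP_DIR.match(parent["Image"]):
            reasons.append("both parent and child run from %TEMP%")
        if ntpath.splitext(child["Image"])[1] == "":
            reasons.append("child image has no file extension")
        if URL_ARG.search(child["CommandLine"]):
            reasons.append("URL passed on the child's command line")
        if parent["ProcessId"] in writers[pid]:
            # Parent-to-child writes also happen during normal process creation,
            # so this is supporting evidence only and never triggers by itself.
            reasons.append("parent wrote to child memory")
        if len(reasons) >= min_reasons:
            hits.append({"parent_pid": parent["ProcessId"], "child_pid": pid, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_temp_dropper_chains(EVENTS):
        print(f"PID {hit['parent_pid']} -> PID {hit['child_pid']}: " + "; ".join(hit["reasons"]))
```

Run against the constructed events, only the 2440 -> 4620 pair is reported, with all four reasons; the explorer.exe and firefox.exe records score zero because neither the Temp path, the missing extension nor the URL argument applies to them. Raising `min_reasons` to 4 makes the memory write mandatory, which is stricter but would miss a dropper that spawns its payload through an intermediary.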
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 42KB
MD5: 289b537c91bb2ff6a3c9e26b5944fb09
SHA1: cdcf487003c3448ea4b7f61a034b181b555ac586
SHA256: 333421f182ae5cf6818ac43fb4f67d762badaf0a95eceab5005b6e70616c6772
SHA512: 517c97a23db3583aa669e36d86a303616037bdb250a4e4b574e26c6e95f7a2a556529633269ef0d2e02fdf9c76d970e27f0d6622d7c15fb026a16cd36fbb93ec