Analysis

  • max time kernel
    138s
  • max time network
    203s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/02/2024, 04:11

General

  • Target

    $TEMPLATES/readme.exe

  • Size

    36KB

  • MD5

    5aa5f1c916bac1a35ebea267e7a4840f

  • SHA1

    1429790fa37313ddfece78c764992d21fa87b710

  • SHA256

    323501be982027bc5b18fbb1c8ee94d0219c02665003f91b7a75dc57e1c6a700

  • SHA512

    7da1ec129f6ffdd028a6d5e31b7b8474c560004e919b88956596bc4497d686f652c86029cc6477860a531c76e1b23170d181b8b31a2b71aa7c411dea7f9c8493

  • SSDEEP

    768:V9qrF6FbV5v+rf2C+9ReyFJefClbu9svHtLE8JJkwZ:V8rF6Fjs2Buk40uJ8JJdZ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (1 IoC)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMPLATES\readme.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMPLATES\readme.exe"
    PID:4596 (tree depth 1)
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Program Files (x86)\Internet Explorer\Connection Wizard\TDAtOnce_Now.dll"
      PID:2192 (tree depth 2, child of PID 4596)
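The process tree above is the most actionable part of this report: an executable running out of a user-writable Temp directory spawns regsvr32 with the silent flag (/s) to register a DLL that lives outside the Windows system directories. The script below is an added detection example, not part of the sandbox's tooling or of the sample. It runs that logic over constructed Sysmon-style process-creation records: two mirror the report's readme.exe and regsvr32 entries (the parent PID 1234 for readme.exe is assumed, since the page does not list it), and a third is a constructed benign control that registers a DLL from System32 so the rule can be shown not to fire on it.

```python
"""
Flag regsvr32 /s registrations of a DLL from a non-system path when the
parent process image lives in a user's AppData\Local\Temp directory.
Added example for this report; the event records are constructed from the
report's Processes section plus one benign control.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed Sysmon-style (Event ID 1) records. PID 4596 and 2192 and their
# command lines come from the report; ppid 1234 for readme.exe is assumed.
# PID 3001 is a constructed benign control (system DLL, non-Temp parent).
EVENTS = [
    ProcEvent(4596, 1234,
              r"C:\Users\Admin\AppData\Local\Temp\$TEMPLATES\readme.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\$TEMPLATES\readme.exe"'),
    ProcEvent(2192, 4596,
              r"C:\Windows\SysWOW64\regsvr32.exe",
              r'regsvr32 /s "C:\Program Files (x86)\Internet Explorer\Connection Wizard\TDAtOnce_Now.dll"'),
    ProcEvent(3001, 900,
              r"C:\Windows\System32\regsvr32.exe",
              r"regsvr32 /s C:\Windows\System32\jscript.dll"),
]

# Parent image under a per-user Temp directory (user-writable, common drop site).
USER_TEMP = re.compile(r"^C:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)
# DLL paths under System32/SysWOW64 are treated as expected registration targets.
SYSTEM_DIRS = re.compile(r"^C:\\Windows\\(System32|SysWOW64)\\", re.IGNORECASE)
# First .dll argument on the command line, quoted (may contain spaces) or bare.
DLL_ARG = re.compile(r'"([^"]+\.dll)"|(\S+\.dll)', re.IGNORECASE)


def registered_dll(cmdline):
    """Return the DLL path passed to regsvr32, or None if none is present."""
    m = DLL_ARG.search(cmdline)
    if not m:
        return None
    return m.group(1) or m.group(2)


def detect(events):
    """Return one hit per silent regsvr32 registration of a non-system DLL
    whose parent process runs from a user Temp directory."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if not e.image.lower().endswith("\\regsvr32.exe"):
            continue
        if "/s" not in e.cmdline.lower().split():
            continue
        dll = registered_dll(e.cmdline)
        parent = by_pid.get(e.ppid)
        parent_in_temp = bool(parent and USER_TEMP.match(parent.image))
        dll_outside_system = bool(dll and not SYSTEM_DIRS.match(dll))
        if parent_in_temp and dll_outside_system:
            hits.append({
                "pid": e.pid,
                "parent_pid": e.ppid,
                "parent_image": parent.image,
                "dll": dll,
            })
    return hits


if __name__ == "__main__":
    for hit in detect(EVENTS):
        print(hit)
```

On the records above the rule fires once, for PID 2192 (parent readme.exe in Temp, DLL under Program Files (x86)), and stays quiet on the System32 control. The parent-path condition is what keeps the rule from firing on ordinary installers that register their own components; tune USER_TEMP and SYSTEM_DIRS to the paths your environment treats as trusted.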

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsg6D3E.tmp\Banner.dll

    Filesize
    4KB

    MD5
    5ce60830e6db34a33f12be5018b21ca2

    SHA1
    1a4f855b358884d0c67053ec606a5a68aadf75b8

    SHA256
    8a039174ce882841a97df0871f94e22ebfc5111ac614eb05baf10cd1fd5d8c1a

    SHA512
    e6590fc8c365e98c6eb59ffcfab6931423b0603ec68b5c10f38004b879c5f3af3ee05d89b88f6fc480236abc9af4945e3146e9017bbd94ca8deac02145b7d903