879b9977e0f396b8b3f0bf3f2e2ff22c0d26185a3d2096b370b32e52bb8644fe

Analysis

max time kernel
144s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 12:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b4be54bef4bd4ad3851f16237232e38a.exe
Size

240KB
MD5

b4be54bef4bd4ad3851f16237232e38a
SHA1

122137a3346848f70409fac01e26cb3171074a35
SHA256

879b9977e0f396b8b3f0bf3f2e2ff22c0d26185a3d2096b370b32e52bb8644fe
SHA512

8c4d4fc491574529872bce7a722673f857b90e27a700f63684a0259cb51ba9f35a6e03e674c252b92994d9c5f47bec7e2c2fa01de0ee5e52e4cbe4a9a0629420
SSDEEP

6144:LoDHy5sFlJgSqyBcjXRyCDnywWRDbQ9cxo8pX:LwSmFlGSqyBOXRVDnywYDE6x5

Score

1^/10

Malware Config

Signatures

Suspicious behavior: RenamesItself 9 IoCs

pid	Process
3736	b4be54bef4bd4ad3851f16237232e38a.exe
4564	hzkxrlii.exe
3360	rbnynk.exe
2520	hrtlulk.exe
3256	mwoxkaoglbhrp.exe
4552	hcefl.exe
1152	zvtfpjzr.exe
1728	gghzds.exe
712	modzmrbergc.exe

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 3736 wrote to memory of 4564	3736	b4be54bef4bd4ad3851f16237232e38a.exe	102
PID 3736 wrote to memory of 4564	3736	b4be54bef4bd4ad3851f16237232e38a.exe	102
PID 3736 wrote to memory of 4564	3736	b4be54bef4bd4ad3851f16237232e38a.exe	102
PID 4564 wrote to memory of 3360	4564	hzkxrlii.exe	106
PID 4564 wrote to memory of 3360	4564	hzkxrlii.exe	106
PID 4564 wrote to memory of 3360	4564	hzkxrlii.exe	106
PID 3360 wrote to memory of 2520	3360	rbnynk.exe	110
PID 3360 wrote to memory of 2520	3360	rbnynk.exe	110
PID 3360 wrote to memory of 2520	3360	rbnynk.exe	110
PID 2520 wrote to memory of 3256	2520	hrtlulk.exe	112
PID 2520 wrote to memory of 3256	2520	hrtlulk.exe	112
PID 2520 wrote to memory of 3256	2520	hrtlulk.exe	112
PID 3256 wrote to memory of 4552	3256	mwoxkaoglbhrp.exe	114
PID 3256 wrote to memory of 4552	3256	mwoxkaoglbhrp.exe	114
PID 3256 wrote to memory of 4552	3256	mwoxkaoglbhrp.exe	114
PID 4552 wrote to memory of 1152	4552	hcefl.exe	115
PID 4552 wrote to memory of 1152	4552	hcefl.exe	115
PID 4552 wrote to memory of 1152	4552	hcefl.exe	115
PID 1152 wrote to memory of 1728	1152	zvtfpjzr.exe	119
PID 1152 wrote to memory of 1728	1152	zvtfpjzr.exe	119
PID 1152 wrote to memory of 1728	1152	zvtfpjzr.exe	119
PID 1728 wrote to memory of 712	1728	gghzds.exe	121
PID 1728 wrote to memory of 712	1728	gghzds.exe	121
PID 1728 wrote to memory of 712	1728	gghzds.exe	121
PID 712 wrote to memory of 2580	712	modzmrbergc.exe	122
PID 712 wrote to memory of 2580	712	modzmrbergc.exe	122
PID 712 wrote to memory of 2580	712	modzmrbergc.exe	122

C:\Users\Admin\AppData\Local\Temp\b4be54bef4bd4ad3851f16237232e38a.exe
"C:\Users\Admin\AppData\Local\Temp\b4be54bef4bd4ad3851f16237232e38a.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3736
- C:\Windows\SysWOW64\hzkxrlii.exe
  C:\Windows\system32\hzkxrlii.exe
  2⤵
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  PID:4564
- - C:\Windows\SysWOW64\rbnynk.exe
    C:\Windows\system32\rbnynk.exe
    3⤵
    - Suspicious behavior: RenamesItself
    - Suspicious use of WriteProcessMemory
    PID:3360
  - - C:\Windows\SysWOW64\hrtlulk.exe
      C:\Windows\system32\hrtlulk.exe
      4⤵
      Suspicious behavior: RenamesItself
      Suspicious use of WriteProcessMemory
      PID:2520
    - - C:\Windows\SysWOW64\mwoxkaoglbhrp.exe
        
        C:\Windows\system32\mwoxkaoglbhrp.exe
        5⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:3256
      - C:\Windows\SysWOW64\hcefl.exe
        
        C:\Windows\system32\hcefl.exe
        6⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:4552
        
        C:\Windows\SysWOW64\zvtfpjzr.exe
        
        C:\Windows\system32\zvtfpjzr.exe
        7⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:1152
        
        C:\Windows\SysWOW64\gghzds.exe
        
        C:\Windows\system32\gghzds.exe
        8⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:1728
        
        C:\Windows\SysWOW64\modzmrbergc.exe
        
        C:\Windows\system32\modzmrbergc.exe
        9⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:712
        
        C:\Windows\SysWOW64\rgpqawz.exe
        
        C:\Windows\system32\rgpqawz.exe
        10⤵
        
        PID:2580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=2240,i,16875000905773190493,11379096115878622792,262144 --variations-seed-version /prefetch:8
1⤵
PID:1864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1152-63-0x0000000004B70000-0x0000000004B71000-memory.dmp

Filesize
4KB

Download
memory/1152-62-0x00000000005C0000-0x00000000005F2000-memory.dmp

Filesize
200KB

Download
memory/2520-32-0x0000000004AB0000-0x0000000004AE2000-memory.dmp

Filesize
200KB

Download
memory/2520-40-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2520-41-0x0000000004AB0000-0x0000000004AE2000-memory.dmp

Filesize
200KB

Download
memory/2520-39-0x0000000004B00000-0x0000000004B01000-memory.dmp

Filesize
4KB

Download
memory/2520-35-0x0000000004CC0000-0x0000000004CC1000-memory.dmp

Filesize
4KB

Download
memory/2520-38-0x0000000004CA0000-0x0000000004CA1000-memory.dmp

Filesize
4KB

Download
memory/2520-37-0x0000000004B80000-0x0000000004B81000-memory.dmp

Filesize
4KB

Download
memory/2520-36-0x0000000004C20000-0x0000000004C21000-memory.dmp

Filesize
4KB

Download
memory/2520-34-0x0000000004BE0000-0x0000000004BE1000-memory.dmp

Filesize
4KB

Download
memory/2520-33-0x0000000004B70000-0x0000000004B71000-memory.dmp

Filesize
4KB

Download
memory/3256-48-0x0000000004CA0000-0x0000000004CA1000-memory.dmp

Filesize
4KB

Download
memory/3256-42-0x0000000004AB0000-0x0000000004AE2000-memory.dmp

Filesize
200KB

Download
memory/3256-51-0x0000000004AB0000-0x0000000004AE2000-memory.dmp

Filesize
200KB

Download
memory/3256-50-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3256-49-0x0000000004B00000-0x0000000004B01000-memory.dmp

Filesize
4KB

Download
memory/3256-46-0x0000000004C20000-0x0000000004C21000-memory.dmp

Filesize
4KB

Download
memory/3256-47-0x0000000004B80000-0x0000000004B81000-memory.dmp

Filesize
4KB

Download
memory/3256-44-0x0000000004BE0000-0x0000000004BE1000-memory.dmp

Filesize
4KB

Download
memory/3256-45-0x0000000004CC0000-0x0000000004CC1000-memory.dmp

Filesize
4KB

Download
memory/3256-43-0x0000000004B70000-0x0000000004B71000-memory.dmp

Filesize
4KB

Download
memory/3360-26-0x0000000004C20000-0x0000000004C21000-memory.dmp

Filesize
4KB

Download
memory/3360-23-0x0000000004B70000-0x0000000004B71000-memory.dmp

Filesize
4KB

Download
memory/3360-24-0x0000000004BE0000-0x0000000004BE1000-memory.dmp

Filesize
4KB

Download
memory/3360-22-0x00000000004D0000-0x0000000000502000-memory.dmp

Filesize
200KB

Download
memory/3360-25-0x0000000004CC0000-0x0000000004CC1000-memory.dmp

Filesize
4KB

Download
memory/3360-27-0x0000000004B80000-0x0000000004B81000-memory.dmp

Filesize
4KB

Download
memory/3360-29-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download
memory/3360-28-0x0000000004CA0000-0x0000000004CA1000-memory.dmp

Filesize
4KB

Download
memory/3360-30-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3360-31-0x00000000004D0000-0x0000000000502000-memory.dmp

Filesize
200KB

Download
memory/3736-11-0x00000000006D0000-0x0000000000702000-memory.dmp

Filesize
200KB

Download
memory/3736-0-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3736-10-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3736-9-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/3736-2-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download
memory/3736-7-0x0000000004CA0000-0x0000000004CA1000-memory.dmp

Filesize
4KB

Download
memory/3736-6-0x0000000000770000-0x0000000000771000-memory.dmp

Filesize
4KB

Download
memory/3736-4-0x0000000004CC0000-0x0000000004CC1000-memory.dmp

Filesize
4KB

Download
memory/3736-5-0x0000000004C20000-0x0000000004C21000-memory.dmp

Filesize
4KB

Download
memory/3736-3-0x0000000004BE0000-0x0000000004BE1000-memory.dmp

Filesize
4KB

Download
memory/3736-1-0x00000000006D0000-0x0000000000702000-memory.dmp

Filesize
200KB

Download
memory/4552-53-0x0000000004B80000-0x0000000004B81000-memory.dmp

Filesize
4KB

Download
memory/4552-59-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/4552-61-0x00000000005D0000-0x0000000000602000-memory.dmp

Filesize
200KB

Download
memory/4552-60-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4552-58-0x0000000004CB0000-0x0000000004CB1000-memory.dmp

Filesize
4KB

Download
memory/4552-55-0x0000000004CD0000-0x0000000004CD1000-memory.dmp

Filesize
4KB

Download
memory/4552-57-0x0000000004B90000-0x0000000004B91000-memory.dmp

Filesize
4KB

Download
memory/4552-56-0x0000000004C30000-0x0000000004C31000-memory.dmp

Filesize
4KB

Download
memory/4552-54-0x0000000004BF0000-0x0000000004BF1000-memory.dmp

Filesize
4KB

Download
memory/4552-52-0x00000000005D0000-0x0000000000602000-memory.dmp

Filesize
200KB

Download
memory/4564-8-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4564-14-0x0000000004BE0000-0x0000000004BE1000-memory.dmp

Filesize
4KB

Download
memory/4564-15-0x0000000004CC0000-0x0000000004CC1000-memory.dmp

Filesize
4KB

Download
memory/4564-16-0x0000000004B80000-0x0000000004B81000-memory.dmp

Filesize
4KB

Download
memory/4564-20-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4564-18-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/4564-21-0x0000000004AD0000-0x0000000004B02000-memory.dmp

Filesize
200KB

Download
memory/4564-17-0x0000000004CA0000-0x0000000004CA1000-memory.dmp

Filesize
4KB

Download
memory/4564-19-0x0000000004C20000-0x0000000004C21000-memory.dmp

Filesize
4KB

Download
memory/4564-12-0x0000000004AD0000-0x0000000004B02000-memory.dmp

Filesize
200KB

Download
memory/4564-13-0x0000000004B70000-0x0000000004B71000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads