Analysis

  • max time kernel
    150s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06-03-2024 01:07

General

  • Target

    8cc8b9d4bfe8b9f3c4183114ff5410122360d9b9154b27628a0cb1c1ec2860bf.exe

  • Size

    35.2MB

  • MD5

    c76e2f40033164fb65f0d9c4dc529674

  • SHA1

    9d2a52ca80594dff2cbd59dfffafec590cc24844

  • SHA256

    8cc8b9d4bfe8b9f3c4183114ff5410122360d9b9154b27628a0cb1c1ec2860bf

  • SHA512

    a4f6eff4b0883241373818fa182cdc05b1fd17d3765d8d68560df5c3328cb021c6b91e451661630cf9df9bc50a0cfbd717a62582481fb991d440209ede5caef3

  • SSDEEP

    393216:kRVXO3hEg5/JudPsRwyCpcyCpY1hhD2lrxTKLbrGh3k6aBeA0v:OJshfBudPV3c3g0xTKLbrGhZVAw

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 26 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8cc8b9d4bfe8b9f3c4183114ff5410122360d9b9154b27628a0cb1c1ec2860bf.exe
    "C:\Users\Admin\AppData\Local\Temp\8cc8b9d4bfe8b9f3c4183114ff5410122360d9b9154b27628a0cb1c1ec2860bf.exe"
    1
    • Loads dropped DLL
    PID:3408

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\.net\8cc8b9d4bfe8b9f3c4183114ff5410122360d9b9154b27628a0cb1c1ec2860bf\4wtdvwbx.jdp\Google.Protobuf.dll

    Filesize

    388KB

    MD5

    97b00cf7ae2658051d74cb009e33932b

    SHA1

    58fc889f50c0fd41b1e80533585f44896697f7bc

    SHA256

    c32e70cfd3abfb2c2381a434f57b5616da6c7dcd8457d2f7db1de0d53646e2a1

    SHA512

    eda206adc6630cc2e5b677635ef7f1e5696a1b6ddc531dd746e91a9e4cf6b28875ede684369295a1d0a3ba346f9989f4e85e459498ba6bebfe53fb89f2400db5

  • C:\Users\Admin\AppData\Local\Temp\.net\8cc8b9d4bfe8b9f3c4183114ff5410122360d9b9154b27628a0cb1c1ec2860bf\4wtdvwbx.jdp\Microsoft.Win32.Primitives.dll

    Filesize

    7KB

    MD5

    07b0d8d5562b3b60f5b78cf80b08cc84

    SHA1

    d4760c390aff85493fa5f17cc74a92324e66c550

    SHA256

    801a02e48db21fe906f2c5bdd7954f112b3ce95180e56d298e5f20e6031d5635

    SHA512

    ca904d1a674b4a6fda69812f1d860e37f0144b4f6afb58e60755a9db542b3461e23498313122810ed031e3fd214e5393fe4928b61c418c535bb7b5275bc29f0c

  • C:\Users\Admin\AppData\Local\Temp\.net\8cc8b9d4bfe8b9f3c4183114ff5410122360d9b9154b27628a0cb1c1ec2860bf\4wtdvwbx.jdp\RWDWrapper.dll

    Filesize

    142KB

    MD5

    e95cc57b6658bd158e4801c53ad2b625

    SHA1

    98204aeb3afea5a3269ac96144b96e3c0bdb46b8

    SHA256

    dde1ea38de6925700a48e6bc426aca038b3ee3a6426078901713b6c36cf8cf04

    SHA512

    c936dc969556a8971d4f1cdeb3dbea3ffbb003c4a8aac07e7c2109f778c16d70d9f691f7964656deeb7feaf63c234a4b57591fda608e84cddc7cda77c3f99184

  • C:\Users\Admin\AppData\Local\Temp\.net\8cc8b9d4bfe8b9f3c4183114ff5410122360d9b9154b27628a0cb1c1ec2860bf\4wtdvwbx.jdp\RWDetectCore.dll

    Filesize

    252KB

    MD5

    faa1a3e2ba9f9aa98937fec6af591775

    SHA1

    c86d68c275d4afe785706d4a701657ee6040913b

    SHA256

    d275108d81b27fa8f59d0292a8401b267e97abf1f25b2703970fd31fbb18c6ac

    SHA512

    0898ae0c72d1accd78fd17afdf921480e0d0ca200f9cc4bacad01f40e2440b705351b9afff4e20abff9c20684b4a84b2b4e4b2775010460e187d2daee7702367

  • C:\Users\Admin\AppData\Local\Temp\.net\8cc8b9d4bfe8b9f3c4183114ff5410122360d9b9154b27628a0cb1c1ec2860bf\4wtdvwbx.jdp\System.ComponentModel.Primitives.dll

    Filesize

    21KB

    MD5

    1bfae4eb268780ee5ffd12279051f165

    SHA1

    46cee1b14a0f6e9c420355085204c6c5112223fc

    SHA256

    d5663d4ef35bc38218d7b77b7f03c5c836c3abf712e3f6413c0945d458f6d730

    SHA512

    67643b7e8f9f62a17dda98811448104d578a68fcd30864c0cb60f8f2dd0b0d27cbc34a3d35c4f4e14f3ddbf5debd8f65a09a367836d7cddc489de78540ef7677

  • C:\Users\Admin\AppData\Local\Temp\.net\8cc8b9d4bfe8b9f3c4183114ff5410122360d9b9154b27628a0cb1c1ec2860bf\4wtdvwbx.jdp\System.Console.dll

    Filesize

    61KB

    MD5

    b09cdfc0323c18af2fc00cb792bef5f9

    SHA1

    a549e835a5a418bb7a706b9538d26dce20d93fd6

    SHA256

    306275d797992b656ac6ffa87b1b36f9b0df9f0fc35e8f39aa9330d77dba95dc

    SHA512

    0a250de2cef4f99fae033b319466b5e207f87891a541adfff5e6b0f99768044ed87e4ba48c2d4ec2a431d91af360556b040a828735929124571c824609985c99

  • C:\Users\Admin\AppData\Local\Temp\.net\8cc8b9d4bfe8b9f3c4183114ff5410122360d9b9154b27628a0cb1c1ec2860bf\4wtdvwbx.jdp\System.Diagnostics.Process.dll

    Filesize

    103KB

    MD5

    b90ff9e9d2ec177ce1cbe54eb1224271

    SHA1

    f893adfbc6f81efb5b16b1bed2aff06e2c18a2a7

    SHA256

    d6d57ef90d2c5bb32880add8510bbabacd909cdecc428776d68b7d5e0011a549

    SHA512

    1cc247d30c1ffb7322fe12d2dc532d3dd12e4fc2c4d52a8abd5c4d8ef255a5ae3956df45478576b563bc9c46f5df2ec4d06896d9308c0828b67e9796dece0ab5

  • C:\Users\Admin\AppData\Local\Temp\.net\8cc8b9d4bfe8b9f3c4183114ff5410122360d9b9154b27628a0cb1c1ec2860bf\4wtdvwbx.jdp\System.IO.FileSystem.dll

    Filesize

    84KB

    MD5

    9551c111436c2ce7115c89b242b001a2

    SHA1

    b626e1365bd3238d9efbc2dc54acb127928ab3a4

    SHA256

    153fb51ac6e06d59ad78d77ef04e441157262bb8c6461549ebd79dd5b99faf56

    SHA512

    11c864f43dfb3e744585ea44b986936c1b154991885bb8d35c66f2019653b7a5efc4e2422c668a0b6f9e97a67f97844a3d0f319246613388d7a09fc339100c0e

  • C:\Users\Admin\AppData\Local\Temp\.net\8cc8b9d4bfe8b9f3c4183114ff5410122360d9b9154b27628a0cb1c1ec2860bf\4wtdvwbx.jdp\System.Private.CoreLib.dll

    Filesize

    8.3MB

    MD5

    2bd785b7910d92aaa4c74aa67d3ab0d0

    SHA1

    39eb8f690f000da61c86cd2a3a44379d70165906

    SHA256

    b39ce8db3a0202160533d868dffbb6295fbe4e4f0191cc99566a41a232f1de33

    SHA512

    3fc0856764fdcc92c5b531fed738f2a2649561a222a015da523e4ee4a5e6c86e1947e1a468ae1f8674582ae2960ebd7eaa2821cfab7a9d02e76858e5f72e5dec

  • C:\Users\Admin\AppData\Local\Temp\.net\8cc8b9d4bfe8b9f3c4183114ff5410122360d9b9154b27628a0cb1c1ec2860bf\4wtdvwbx.jdp\System.Security.Claims.dll

    Filesize

    38KB

    MD5

    915966dbd840fcc73ab2405bb18e271c

    SHA1

    0b52c45fb707b4276822166e26837da58d514b9b

    SHA256

    4b53f524266f19ee6caa250170aaf74ddbd56c1a5f0e8e77cc22f2cca45dee77

    SHA512

    34230f6e0a9cc7fde186ef63bdc65c70f90e5ffe52840fafdbde640585b171f744886a81c7248e5f8e8d0d39ee8a0196092d7cedc1e8b5322cf31804e19dd1c5

  • C:\Users\Admin\AppData\Local\Temp\.net\8cc8b9d4bfe8b9f3c4183114ff5410122360d9b9154b27628a0cb1c1ec2860bf\4wtdvwbx.jdp\System.Security.Principal.Windows.dll

    Filesize

    70KB

    MD5

    e7e5c665e277876f1da001bc0b8fd29f

    SHA1

    2834285442131c4ead130983c623c36c07ffd4ee

    SHA256

    6ab14f9e5465679eb1eaf8fc6d60da0e6b83953e916d44fedbb7a669a1dd2e6f

    SHA512

    df2eaf5d81ddaa710eec4ef1906c82fdb5e7900c12a0c8e146f1f1992cc9b7c952c507926232ebf4c7c95dbec0e1f57c7dd6daff2353856315e36ea3ab8d85ef

  • C:\Users\Admin\AppData\Local\Temp\.net\8cc8b9d4bfe8b9f3c4183114ff5410122360d9b9154b27628a0cb1c1ec2860bf\4wtdvwbx.jdp\System.Security.Principal.dll

    Filesize

    14KB

    MD5

    9677d4c2ef1b96413bc7450546a32117

    SHA1

    c495a8f361efc271c701affe769f71aad72012f2

    SHA256

    55667d06c50f9578688d3442f0806271d21709068e0522519602b9c9923cec50

    SHA512

    3cd5a555c845aa324d98b30d227d54ce7685ebaecd122f495c5ecff47ba102d5ad74b259345fe2a72c8c9d047451f7b2819a4884e5cc606b54e31f0df848f804

  • C:\Users\Admin\AppData\Local\Temp\.net\8cc8b9d4bfe8b9f3c4183114ff5410122360d9b9154b27628a0cb1c1ec2860bf\4wtdvwbx.jdp\clrjit.dll

    Filesize

    1.1MB

    MD5

    27789a18fdcb4a187ee5eefd437ff148

    SHA1

    f54a6bbac13d4718a2a184a154b43d67dd5d0e34

    SHA256

    02c9cfd7d8e2ac05848b5babf5f1b1f814974fe4c76f78fa7fd2028d60f4920b

    SHA512

    68f07c6e0bd366d32f3eee9614a8a10430300a466d8a6c1228fb8aca30a3cf3b09d8c92d29946041abfe0aa1a237a99d780fd88faa5921548b517dc339f06a13

  • C:\Users\Admin\AppData\Local\Temp\.net\8cc8b9d4bfe8b9f3c4183114ff5410122360d9b9154b27628a0cb1c1ec2860bf\4wtdvwbx.jdp\coreclr.dll

    Filesize

    4.1MB

    MD5

    3865f4485c85711df1def0a34500435d

    SHA1

    39b2e834ed7cd230e6c2492f54e459ddec1b26ac

    SHA256

    87101d385993e908ce389d02ea678ec262699004fedf9312471dae9508b6d039

    SHA512

    cb3e1484bdbe8aa8059dd802dd30c4bc76322c90961bf7bfab88d96def40210eb9c5b2c9ac94177bba2e531538e308d1a33401b5f44e2d40c60c6db606699881

  • C:\Users\Admin\AppData\Local\Temp\.net\8cc8b9d4bfe8b9f3c4183114ff5410122360d9b9154b27628a0cb1c1ec2860bf\4wtdvwbx.jdp\hostfxr.dll

    Filesize

    460KB

    MD5

    062130267f2b4578371730049cdb3019

    SHA1

    7e5c6148ea73ac6183ab1a35ba66b05c267199de

    SHA256

    eca52750458735e777da61d34ed9a647afc363ad45eecae3828d0de841c8357e

    SHA512

    f34f6d871d8f1aed28aee3869f19c8017e3a54ee0240546ffb2f98353dfe7161d9eb2f43c672dcca61dfd128421131de60aa808a0c865368885900f6094a6cb5

  • C:\Users\Admin\AppData\Local\Temp\.net\8cc8b9d4bfe8b9f3c4183114ff5410122360d9b9154b27628a0cb1c1ec2860bf\4wtdvwbx.jdp\hostpolicy.dll

    Filesize

    456KB

    MD5

    c5e6db8817401d455753c8545bb52629

    SHA1

    25fb83bd7253cba007fdb1221e5fb55e24b33d0f

    SHA256

    4fbf2e5ee0cad1b58a04ca39b1c02b081fc7c4fb640db03c93c35f3536438993

    SHA512

    e03963127e335668517033c177ad854c3baa3080182e3181cb91ffb6fe138ae9ee9e14ab8e14343c82d6394da89a48f5cae20b41016af61bb58df2320f722b6f

  • memory/3408-148-0x0000000075680000-0x0000000075AAF000-memory.dmp

    Filesize

    4.2MB

  • memory/3408-198-0x0000000075680000-0x0000000075AAF000-memory.dmp

    Filesize

    4.2MB