89df1eb47e24963acda027076d670844dd2923fdd76546046afba32ab783cb6c

Resubmissions

07/03/2024, 15:06

240307-sg3jhseb28 10

Analysis

max time kernel
153s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 15:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AOMEICyberBackupFree.exe
Size

221.2MB
MD5

2e5c0bc2dd3e3bd228268cf849997a5d
SHA1

603d29b5f8a65562f332fca4449b7c4eac6ae20f
SHA256

30c07bfc24f3319881b765d06d77b43b26fe5dd686d8c3f3d800a381328f9908
SHA512

42de49b5e67df1141bf1f54d6261081a4820e34ea1412397c32fe67057e48e6b3e2304221590a9d59bd2598f45b8594b63732bbca51dabdf917e61f0fa54a556
SSDEEP

6291456:3XNgDQfHLw1rFQX3bmCoy3tCQtBJ4qi4MMPG+BD:ffHLw5FQqCHdCQtBJ4H44y

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2280	AOMEICyberBackupFree.tmp

Loads dropped DLL 2 IoCs

pid	Process
2280	AOMEICyberBackupFree.tmp
2280	AOMEICyberBackupFree.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2280	3064	AOMEICyberBackupFree.exe	91
PID 3064 wrote to memory of 2280	3064	AOMEICyberBackupFree.exe	91
PID 3064 wrote to memory of 2280	3064	AOMEICyberBackupFree.exe	91

C:\Users\Admin\AppData\Local\Temp\AOMEICyberBackupFree.exe
"C:\Users\Admin\AppData\Local\Temp\AOMEICyberBackupFree.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Users\Admin\AppData\Local\Temp\is-918B7.tmp\AOMEICyberBackupFree.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-918B7.tmp\AOMEICyberBackupFree.tmp" /SL5="$60202,231354074,362496,C:\Users\Admin\AppData\Local\Temp\AOMEICyberBackupFree.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-4C8EP.tmp\InnoHelp.dll

Filesize
345KB

MD5
1ca2f4a64b480239a5eb4f6bf0dfb891

SHA1
70c63121bc124eb091352b23e42513fd5bbad0ba

SHA256
4aa06b77518ae329a8d50f91af5dd4073d4db342862c39fcc76d77f35d1cb817

SHA512
d3241341e342bc7e646ccbf28150750091a18ae536024dc2eb8d140952069e50f1cf00539f12b1eab26e4ef997aaa78a8e6c9c1f0af1386b98211697b1ca964a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4C8EP.tmp\WinOSVer.dll

Filesize
110KB

MD5
f10dd5ed4ed6d131d1e8a61724eab773

SHA1
c79b14d2088a240cbafc184138fc3b3772201531

SHA256
9bc513a3fbb492748387de314703d3a00f45b58a25a5be056569de77c98a2b80

SHA512
ce42772996ffdda871d96cd7f6a10bf7c8ba1343890a8ecca8be7796b20f1b6b5fa79dcabc8ddfe694c0915b24ef7b9f2d308acef104aabcda23d5f39bd68313

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-918B7.tmp\AOMEICyberBackupFree.tmp

Filesize
1.6MB

MD5
1476696ca423949ba049398fe85cd72c

SHA1
c75de9f7c7a2dc0560073e031f60f0ca3945ec19

SHA256
471f1314c56acd7893b441c121bf6cd36a2b94052cbaa9c3b204ba9b9451dddd

SHA512
4ed74d46c8ef8b35c20e7637f0cd01074383d9230f82a9ac76e4123f24834f64f17a912978d60948b332549b4dcfae3881ad5fd77eaa31afb4e3ce3dbc4791c1

Download Submit
memory/2280-6-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2280-28-0x0000000000400000-0x00000000005AF000-memory.dmp

Filesize
1.7MB

Download
memory/2280-31-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2280-35-0x0000000000400000-0x00000000005AF000-memory.dmp

Filesize
1.7MB

Download
memory/3064-0-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/3064-27-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads