7c1d7c023dc6fb34e25ada037c122cd8c4b349ae0ea5df5b04510b0cb25a6124

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2024 15:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

beef692212ec123d51d8c71048ca8a55.exe
Size

3.0MB
MD5

beef692212ec123d51d8c71048ca8a55
SHA1

eab2293a2868177898f42adcc9a78067f93e66e9
SHA256

7c1d7c023dc6fb34e25ada037c122cd8c4b349ae0ea5df5b04510b0cb25a6124
SHA512

f024ae1df89a22155f206c1955d399a6b8f2027c44da6c26bc50fdc5cf2a523786deabe5f135bf3e0bfd1313feaad3c6cc8bf3cc5e298aa55406f51a1ddb1771
SSDEEP

49152:xaCvmr7nH9irrPvr14N0GRZc+udVptGX7pJ5YXIqAHd7g0bo1taKBF5fWl:YPHk3vKSsc+QVpyJ5K09ctaEF5Ol

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4524	beef692212ec123d51d8c71048ca8a55.tmp

Loads dropped DLL 2 IoCs

pid	Process
4524	beef692212ec123d51d8c71048ca8a55.tmp
4524	beef692212ec123d51d8c71048ca8a55.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4556 wrote to memory of 4524	4556	beef692212ec123d51d8c71048ca8a55.exe	86
PID 4556 wrote to memory of 4524	4556	beef692212ec123d51d8c71048ca8a55.exe	86
PID 4556 wrote to memory of 4524	4556	beef692212ec123d51d8c71048ca8a55.exe	86

C:\Users\Admin\AppData\Local\Temp\beef692212ec123d51d8c71048ca8a55.exe
"C:\Users\Admin\AppData\Local\Temp\beef692212ec123d51d8c71048ca8a55.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4556
- C:\Users\Admin\AppData\Local\Temp\is-DTQSJ.tmp\beef692212ec123d51d8c71048ca8a55.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-DTQSJ.tmp\beef692212ec123d51d8c71048ca8a55.tmp" /SL5="$6004A,2686837,158720,C:\Users\Admin\AppData\Local\Temp\beef692212ec123d51d8c71048ca8a55.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-8QR3C.tmp\itdownload.dll

Filesize
200KB

MD5
d82a429efd885ca0f324dd92afb6b7b8

SHA1
86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea

SHA256
b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3

SHA512
5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DTQSJ.tmp\beef692212ec123d51d8c71048ca8a55.tmp

Filesize
790KB

MD5
953baed656f0836b0f6d343d92c1a0c9

SHA1
9b74f284eab2e3321aa1bff592cba97a0d9b9051

SHA256
b5871cfac6d190edda34ab9aec7180301dc1bb10a120d1df09f8ede0dd451071

SHA512
545454f9634a9505b9a63318b75e6ad364c75b3e40f261415d36b9f393a46d9d08c0467e3feec72510256f74800ec84eeae405a656143197405065bdfd8725f6

Download Submit
memory/4524-7-0x0000000002120000-0x0000000002121000-memory.dmp

Filesize
4KB

Download
memory/4524-17-0x00000000050C0000-0x00000000050FC000-memory.dmp

Filesize
240KB

Download
memory/4524-22-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download
memory/4524-23-0x00000000050C0000-0x00000000050FC000-memory.dmp

Filesize
240KB

Download
memory/4524-27-0x0000000002120000-0x0000000002121000-memory.dmp

Filesize
4KB

Download
memory/4556-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4556-2-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4556-21-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads