690dd94889b4f313ef4ac0b6ef9f5dc5f0728f34092b65ee68e61bd10af48a53

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 06:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c01b5c7c2ef1ffe3481e4b4c3f3e50a4.exe
Size

227KB
MD5

c01b5c7c2ef1ffe3481e4b4c3f3e50a4
SHA1

0a9dc603ed0dda03d0e45cd3fa06e9105f86719c
SHA256

690dd94889b4f313ef4ac0b6ef9f5dc5f0728f34092b65ee68e61bd10af48a53
SHA512

16ae4363211ee19e84b34fb84750217d26e9452c1de364dbe4a4d0f0abbbfce36f3a7093a922ad81bda27e27f68d8eae1b7e9cc25046df6aaa4d8a01d35134a3
SSDEEP

3072:DA3j1PgpirbVPkaCoYvpgJzoK/K4UWWhyeHQZ9skJN+99ybrG53ZY3gz:YhPYirbVPFCoYBU/K9Jpk9R3S3a3e

Score

1^/10

Malware Config

Signatures

Suspicious behavior: RenamesItself 12 IoCs

pid	Process
3924	c01b5c7c2ef1ffe3481e4b4c3f3e50a4.exe
2028	liadbcbxoku.exe
4888	tyiv.exe
4344	tken.exe
5000	qgpptb.exe
3772	aezyivptmao.exe
1404	owikbm.exe
2528	ruxhuxnbcy.exe
4168	cxzjsy.exe
4768	lxpcloupwfc.exe
4380	aaxcar.exe
2412	vdehw.exe

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 3924 wrote to memory of 2028	3924	c01b5c7c2ef1ffe3481e4b4c3f3e50a4.exe	99
PID 3924 wrote to memory of 2028	3924	c01b5c7c2ef1ffe3481e4b4c3f3e50a4.exe	99
PID 3924 wrote to memory of 2028	3924	c01b5c7c2ef1ffe3481e4b4c3f3e50a4.exe	99
PID 2028 wrote to memory of 4888	2028	liadbcbxoku.exe	101
PID 2028 wrote to memory of 4888	2028	liadbcbxoku.exe	101
PID 2028 wrote to memory of 4888	2028	liadbcbxoku.exe	101
PID 4888 wrote to memory of 4344	4888	tyiv.exe	104
PID 4888 wrote to memory of 4344	4888	tyiv.exe	104
PID 4888 wrote to memory of 4344	4888	tyiv.exe	104
PID 4344 wrote to memory of 5000	4344	tken.exe	105
PID 4344 wrote to memory of 5000	4344	tken.exe	105
PID 4344 wrote to memory of 5000	4344	tken.exe	105
PID 5000 wrote to memory of 3772	5000	qgpptb.exe	106
PID 5000 wrote to memory of 3772	5000	qgpptb.exe	106
PID 5000 wrote to memory of 3772	5000	qgpptb.exe	106
PID 3772 wrote to memory of 1404	3772	aezyivptmao.exe	108
PID 3772 wrote to memory of 1404	3772	aezyivptmao.exe	108
PID 3772 wrote to memory of 1404	3772	aezyivptmao.exe	108
PID 1404 wrote to memory of 2528	1404	owikbm.exe	109
PID 1404 wrote to memory of 2528	1404	owikbm.exe	109
PID 1404 wrote to memory of 2528	1404	owikbm.exe	109
PID 2528 wrote to memory of 4168	2528	ruxhuxnbcy.exe	110
PID 2528 wrote to memory of 4168	2528	ruxhuxnbcy.exe	110
PID 2528 wrote to memory of 4168	2528	ruxhuxnbcy.exe	110
PID 4168 wrote to memory of 4768	4168	cxzjsy.exe	119
PID 4168 wrote to memory of 4768	4168	cxzjsy.exe	119
PID 4168 wrote to memory of 4768	4168	cxzjsy.exe	119
PID 4768 wrote to memory of 4380	4768	lxpcloupwfc.exe	120
PID 4768 wrote to memory of 4380	4768	lxpcloupwfc.exe	120
PID 4768 wrote to memory of 4380	4768	lxpcloupwfc.exe	120
PID 4380 wrote to memory of 2412	4380	aaxcar.exe	121
PID 4380 wrote to memory of 2412	4380	aaxcar.exe	121
PID 4380 wrote to memory of 2412	4380	aaxcar.exe	121
PID 2412 wrote to memory of 3088	2412	vdehw.exe	125
PID 2412 wrote to memory of 3088	2412	vdehw.exe	125
PID 2412 wrote to memory of 3088	2412	vdehw.exe	125

C:\Users\Admin\AppData\Local\Temp\c01b5c7c2ef1ffe3481e4b4c3f3e50a4.exe
"C:\Users\Admin\AppData\Local\Temp\c01b5c7c2ef1ffe3481e4b4c3f3e50a4.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3924
- C:\Windows\SysWOW64\liadbcbxoku.exe
  C:\Windows\system32\liadbcbxoku.exe
  2⤵
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  PID:2028
- - C:\Windows\SysWOW64\tyiv.exe
    C:\Windows\system32\tyiv.exe
    3⤵
    - Suspicious behavior: RenamesItself
    - Suspicious use of WriteProcessMemory
    PID:4888
  - - C:\Windows\SysWOW64\tken.exe
      C:\Windows\system32\tken.exe
      4⤵
      Suspicious behavior: RenamesItself
      Suspicious use of WriteProcessMemory
      PID:4344
    - - C:\Windows\SysWOW64\qgpptb.exe
        
        C:\Windows\system32\qgpptb.exe
        5⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:5000
      - C:\Windows\SysWOW64\aezyivptmao.exe
        
        C:\Windows\system32\aezyivptmao.exe
        6⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:3772
        
        C:\Windows\SysWOW64\owikbm.exe
        
        C:\Windows\system32\owikbm.exe
        7⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:1404
        
        C:\Windows\SysWOW64\ruxhuxnbcy.exe
        
        C:\Windows\system32\ruxhuxnbcy.exe
        8⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:2528
        
        C:\Windows\SysWOW64\cxzjsy.exe
        
        C:\Windows\system32\cxzjsy.exe
        9⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:4168
        
        C:\Windows\SysWOW64\lxpcloupwfc.exe
        
        C:\Windows\system32\lxpcloupwfc.exe
        10⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:4768
        
        C:\Windows\SysWOW64\aaxcar.exe
        
        C:\Windows\system32\aaxcar.exe
        11⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:4380
        
        C:\Windows\SysWOW64\vdehw.exe
        
        C:\Windows\system32\vdehw.exe
        12⤵
        Suspicious behavior: RenamesItself
        Suspicious use of WriteProcessMemory
        
        PID:2412
        
        C:\Windows\SysWOW64\akasxsztqzfha.exe
        
        C:\Windows\system32\akasxsztqzfha.exe
        13⤵
        
        PID:3088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1404-62-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2028-8-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2028-17-0x0000000004B10000-0x0000000004B11000-memory.dmp

Filesize
4KB

Download
memory/2028-15-0x0000000004C50000-0x0000000004C51000-memory.dmp

Filesize
4KB

Download
memory/2028-18-0x0000000004C30000-0x0000000004C31000-memory.dmp

Filesize
4KB

Download
memory/2028-22-0x0000000000590000-0x00000000005C1000-memory.dmp

Filesize
196KB

Download
memory/2028-21-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2028-20-0x0000000004C80000-0x0000000004C81000-memory.dmp

Filesize
4KB

Download
memory/2028-12-0x0000000000590000-0x00000000005C1000-memory.dmp

Filesize
196KB

Download
memory/2028-13-0x0000000004B00000-0x0000000004B01000-memory.dmp

Filesize
4KB

Download
memory/2028-16-0x0000000004B90000-0x0000000004B91000-memory.dmp

Filesize
4KB

Download
memory/2028-14-0x0000000004B50000-0x0000000004B51000-memory.dmp

Filesize
4KB

Download
memory/3772-60-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/3772-57-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/3772-61-0x0000000004C20000-0x0000000004C21000-memory.dmp

Filesize
4KB

Download
memory/3772-58-0x0000000004C40000-0x0000000004C41000-memory.dmp

Filesize
4KB

Download
memory/3772-56-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/3772-55-0x00000000005B0000-0x00000000005E1000-memory.dmp

Filesize
196KB

Download
memory/3772-63-0x0000000004C70000-0x0000000004C71000-memory.dmp

Filesize
4KB

Download
memory/3772-59-0x0000000004B80000-0x0000000004B81000-memory.dmp

Filesize
4KB

Download
memory/3924-6-0x0000000004B10000-0x0000000004B11000-memory.dmp

Filesize
4KB

Download
memory/3924-0-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3924-11-0x0000000004C80000-0x0000000004C81000-memory.dmp

Filesize
4KB

Download
memory/3924-9-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3924-5-0x0000000004B90000-0x0000000004B91000-memory.dmp

Filesize
4KB

Download
memory/3924-7-0x0000000004C30000-0x0000000004C31000-memory.dmp

Filesize
4KB

Download
memory/3924-10-0x0000000004AC0000-0x0000000004AF1000-memory.dmp

Filesize
196KB

Download
memory/3924-4-0x0000000004C50000-0x0000000004C51000-memory.dmp

Filesize
4KB

Download
memory/3924-3-0x0000000004B50000-0x0000000004B51000-memory.dmp

Filesize
4KB

Download
memory/3924-2-0x0000000004B00000-0x0000000004B01000-memory.dmp

Filesize
4KB

Download
memory/3924-30-0x0000000004C80000-0x0000000004C81000-memory.dmp

Filesize
4KB

Download
memory/3924-1-0x0000000004AC0000-0x0000000004AF1000-memory.dmp

Filesize
196KB

Download
memory/4344-42-0x0000000004C80000-0x0000000004C81000-memory.dmp

Filesize
4KB

Download
memory/4344-43-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4344-34-0x0000000004AC0000-0x0000000004AF1000-memory.dmp

Filesize
196KB

Download
memory/4344-36-0x0000000004B50000-0x0000000004B51000-memory.dmp

Filesize
4KB

Download
memory/4344-35-0x0000000004B00000-0x0000000004B01000-memory.dmp

Filesize
4KB

Download
memory/4344-38-0x0000000004B90000-0x0000000004B91000-memory.dmp

Filesize
4KB

Download
memory/4344-39-0x0000000004B10000-0x0000000004B11000-memory.dmp

Filesize
4KB

Download
memory/4344-37-0x0000000004C50000-0x0000000004C51000-memory.dmp

Filesize
4KB

Download
memory/4344-44-0x0000000004AC0000-0x0000000004AF1000-memory.dmp

Filesize
196KB

Download
memory/4344-40-0x0000000004C30000-0x0000000004C31000-memory.dmp

Filesize
4KB

Download
memory/4888-33-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4888-31-0x0000000004AA0000-0x0000000004AD1000-memory.dmp

Filesize
196KB

Download
memory/4888-32-0x0000000004C80000-0x0000000004C81000-memory.dmp

Filesize
4KB

Download
memory/4888-19-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4888-23-0x0000000004AA0000-0x0000000004AD1000-memory.dmp

Filesize
196KB

Download
memory/4888-24-0x0000000004B00000-0x0000000004B01000-memory.dmp

Filesize
4KB

Download
memory/4888-26-0x0000000004C50000-0x0000000004C51000-memory.dmp

Filesize
4KB

Download
memory/4888-25-0x0000000004B50000-0x0000000004B51000-memory.dmp

Filesize
4KB

Download
memory/4888-27-0x0000000004B10000-0x0000000004B11000-memory.dmp

Filesize
4KB

Download
memory/4888-28-0x0000000004C30000-0x0000000004C31000-memory.dmp

Filesize
4KB

Download
memory/4888-29-0x0000000004B90000-0x0000000004B91000-memory.dmp

Filesize
4KB

Download
memory/5000-46-0x0000000004B00000-0x0000000004B01000-memory.dmp

Filesize
4KB

Download
memory/5000-53-0x0000000004C80000-0x0000000004C81000-memory.dmp

Filesize
4KB

Download
memory/5000-54-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/5000-52-0x0000000004A70000-0x0000000004AA1000-memory.dmp

Filesize
196KB

Download
memory/5000-51-0x0000000004C30000-0x0000000004C31000-memory.dmp

Filesize
4KB

Download
memory/5000-49-0x0000000004B90000-0x0000000004B91000-memory.dmp

Filesize
4KB

Download
memory/5000-50-0x0000000004B10000-0x0000000004B11000-memory.dmp

Filesize
4KB

Download
memory/5000-41-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/5000-48-0x0000000004C50000-0x0000000004C51000-memory.dmp

Filesize
4KB

Download
memory/5000-47-0x0000000004B50000-0x0000000004B51000-memory.dmp

Filesize
4KB

Download
memory/5000-45-0x0000000004A70000-0x0000000004AA1000-memory.dmp

Filesize
196KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads