Analysis
-
max time kernel
133s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
14-03-2024 12:30
General
-
Target
c89ea105180509b4245e7f0478578f52.exe
-
Size
58KB
-
MD5
c89ea105180509b4245e7f0478578f52
-
SHA1
f7c515e11adf5105e9806f078d572d83891cfbf6
-
SHA256
1defdc7cba1484801f127b77388f1f4bc438ec4416ff276bcbe605eca2a14f69
-
SHA512
f17f49ebffa8a495ec164a06def3f4a89b40ab58bc9bb4793f20c52723fb2a592d41a0bfdd09f81e377eb93a7bf220759f671f079e9dd63163f5ae64ca2b7a95
-
SSDEEP
768:h5svx0qCZkFQk1zOkN85Flb+6O24COhGtjfv/aSD2c8cyg5YkVm42c7kEhaG8/3g:otC1kHmlbhjtjvac29Yr3LDSV
Score
8/10
Malware Config
Signatures
-
Adds policy Run key to start application 2 TTPs 2 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c89ea105180509b4245e7f0478578f52.exe"C:\Users\Admin\AppData\Local\Temp\c89ea105180509b4245e7f0478578f52.exe"1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\lmpudsro\vixwdina.exeC:\ProgramData\lmpudsro\vixwdina.exe2⤵
- Adds policy Run key to start application
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exe/c del /f C:\Users\Admin\AppData\Local\Temp\C89EA1~1.EXE.bak >> NUL2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
58KB
MD5c89ea105180509b4245e7f0478578f52
SHA1f7c515e11adf5105e9806f078d572d83891cfbf6
SHA2561defdc7cba1484801f127b77388f1f4bc438ec4416ff276bcbe605eca2a14f69
SHA512f17f49ebffa8a495ec164a06def3f4a89b40ab58bc9bb4793f20c52723fb2a592d41a0bfdd09f81e377eb93a7bf220759f671f079e9dd63163f5ae64ca2b7a95