40dc5ef33aa1f1b122f05493aa5ee8e51ecec952e680c38ff46a30869b93e0d8

Analysis

max time kernel
141s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 18:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc125966b004b72e9e043a577cd586e6.exe
Size

547KB
MD5

cc125966b004b72e9e043a577cd586e6
SHA1

5ba2571ebaeb9a5a50af344d37519dc204365d38
SHA256

40dc5ef33aa1f1b122f05493aa5ee8e51ecec952e680c38ff46a30869b93e0d8
SHA512

fa52084a0625cabe2c68b123410d834584bd3286b650acce90d1de517307d60094e73e4cff579af86aa73e564742a7a07780b19c089cfd1b5c4a608369c21c9d
SSDEEP

12288:hna9Xq0ROvAA+BoxWIBMxGF4O2DnM2xk/O2e:hna1DRO4BVICGQJxkTe

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3092	cc125966b004b72e9e043a577cd586e6.tmp

Loads dropped DLL 2 IoCs

pid	Process
3092	cc125966b004b72e9e043a577cd586e6.tmp
3092	cc125966b004b72e9e043a577cd586e6.tmp

Script User-Agent 4 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	11	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	13	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	18	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	24	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 3092	2388	cc125966b004b72e9e043a577cd586e6.exe	88
PID 2388 wrote to memory of 3092	2388	cc125966b004b72e9e043a577cd586e6.exe	88
PID 2388 wrote to memory of 3092	2388	cc125966b004b72e9e043a577cd586e6.exe	88

C:\Users\Admin\AppData\Local\Temp\cc125966b004b72e9e043a577cd586e6.exe
"C:\Users\Admin\AppData\Local\Temp\cc125966b004b72e9e043a577cd586e6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Users\Admin\AppData\Local\Temp\is-D04BV.tmp\cc125966b004b72e9e043a577cd586e6.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-D04BV.tmp\cc125966b004b72e9e043a577cd586e6.tmp" /SL5="$12005E,289374,54272,C:\Users\Admin\AppData\Local\Temp\cc125966b004b72e9e043a577cd586e6.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-8T8R0.tmp\itdownload.dll

Filesize
200KB

MD5
d82a429efd885ca0f324dd92afb6b7b8

SHA1
86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea

SHA256
b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3

SHA512
5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D04BV.tmp\cc125966b004b72e9e043a577cd586e6.tmp

Filesize
688KB

MD5
67c5a4f36e1c91a3b85e440edd7ad026

SHA1
e49ea0e558ed682498cc61b3070e4c402fbf0912

SHA256
99c299d6565ab53d9af66e0146737dc0ecfbc52ecf4740825b552db0cc4210c6

SHA512
40522d4645ece0db9888ea40d1a11356aa5efc191184a0b97cb54a6c243532b1fc306e9095bbfa1f5dc02c8e52b709650230d1383532136e56caea3dc19a973e

Download Submit
memory/2388-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2388-39-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3092-30-0x0000000006620000-0x0000000006621000-memory.dmp

Filesize
4KB

Download
memory/3092-31-0x0000000006630000-0x0000000006631000-memory.dmp

Filesize
4KB

Download
memory/3092-24-0x00000000065C0000-0x00000000065C1000-memory.dmp

Filesize
4KB

Download
memory/3092-22-0x00000000065A0000-0x00000000065A1000-memory.dmp

Filesize
4KB

Download
memory/3092-21-0x0000000006590000-0x0000000006591000-memory.dmp

Filesize
4KB

Download
memory/3092-26-0x00000000065E0000-0x00000000065E1000-memory.dmp

Filesize
4KB

Download
memory/3092-25-0x00000000065D0000-0x00000000065D1000-memory.dmp

Filesize
4KB

Download
memory/3092-27-0x00000000065F0000-0x00000000065F1000-memory.dmp

Filesize
4KB

Download
memory/3092-28-0x0000000006600000-0x0000000006601000-memory.dmp

Filesize
4KB

Download
memory/3092-29-0x0000000006610000-0x0000000006611000-memory.dmp

Filesize
4KB

Download
memory/3092-16-0x0000000003A70000-0x0000000003AAC000-memory.dmp

Filesize
240KB

Download
memory/3092-23-0x00000000065B0000-0x00000000065B1000-memory.dmp

Filesize
4KB

Download
memory/3092-32-0x0000000006640000-0x0000000006641000-memory.dmp

Filesize
4KB

Download
memory/3092-33-0x0000000006650000-0x0000000006651000-memory.dmp

Filesize
4KB

Download
memory/3092-35-0x0000000006670000-0x0000000006671000-memory.dmp

Filesize
4KB

Download
memory/3092-34-0x0000000006660000-0x0000000006661000-memory.dmp

Filesize
4KB

Download
memory/3092-36-0x0000000006680000-0x0000000006681000-memory.dmp

Filesize
4KB

Download
memory/3092-37-0x0000000006690000-0x0000000006691000-memory.dmp

Filesize
4KB

Download
memory/3092-38-0x00000000066A0000-0x00000000066A1000-memory.dmp

Filesize
4KB

Download
memory/3092-6-0x00000000006A0000-0x00000000006A1000-memory.dmp

Filesize
4KB

Download
memory/3092-40-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/3092-41-0x0000000003A70000-0x0000000003AAC000-memory.dmp

Filesize
240KB

Download
memory/3092-45-0x00000000006A0000-0x00000000006A1000-memory.dmp

Filesize
4KB

Download
memory/3092-81-0x0000000003A70000-0x0000000003AAC000-memory.dmp

Filesize
240KB

Download