Overview

overview

8

Static

static

3

cda5f51c89...fe.exe

windows7-x64

8

cda5f51c89...fe.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    141s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/03/2024, 09:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    cda5f51c8935b970869d84fc66e624fe.exe

  • Size

    10KB

  • MD5

    cda5f51c8935b970869d84fc66e624fe

  • SHA1

    0b11c853f8867c72db30fa6343f94fecaeb64dcb

  • SHA256

    5395a665d4bc95fcc6f62a52b81b1144f593362ad470ac8fb3361ba5c7ae06a4

  • SHA512

    3bdac7962f744f616791afad6fee83ced69fe611aa7c9dae109c36501586387925d4e014ab46bb22be2ef5f83639a42705d6c378905f9ec5d4df5d5271da0b3e

  • SSDEEP

    192:C4vTQYAx0mv5ONXLWvIE56Nd1WMZObDGcpjwMRe6f2kBlx6:RTQf4N7WQE5MfWuUyc2MRHvx6

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cda5f51c8935b970869d84fc66e624fe.exe
    "C:\Users\Admin\AppData\Local\Temp\cda5f51c8935b970869d84fc66e624fe.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:3224
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Windows\system32\ntoskrnl.dll , DllMain
      2⤵
      • Loads dropped DLL
      PID:4004

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\ntoskrnl.dll
          Filesize

          4KB

          MD5

          4dc55202e4cff2cde75adda67f85dde7

          SHA1

          d0d571cca6c2a8d005e4629967f5e98d357e9d89

          SHA256

          d112837ad1b015cf7bef6f2786d7df71e5f89b635b49068d1e8c4f8385abdaa2

          SHA512

          3d6a8e341e554a8f6a540cec110060edbdb84d49435fa0229ddf5dea9e0ca77372235998daefbef4ea589983f293d3cf65cf040c3f551840a986cd4f01ea6dff

          Download Submit

        • memory/3224-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/3224-3-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/4004-6-0x0000000010000000-0x0000000010009000-memory.dmp

          Filesize

          36KB

          Download