79e5ebe24403aa8926d8c63fb4f92b8bba3e6ab420d497797c945b5c1b28e023 | Triage

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18-03-2024 20:37

Sharing

Report Analysis Logs

General

Target

d478b7ef959229c173769377f6c98967.exe
Size

113KB
MD5

d478b7ef959229c173769377f6c98967
SHA1

6b2fe3a69e0b3b3c4e76d3729e9f9ab036633bb2
SHA256

79e5ebe24403aa8926d8c63fb4f92b8bba3e6ab420d497797c945b5c1b28e023
SHA512

00c445f2d4f2b0394cfef95780f62338aa19236aa665deb764bd5537c166c6a4b07affc2364bf748a3e0a0aa8b41c4855da2633849f6246f8ec017c8ae57cbe5
SSDEEP

3072:HBHlzvXs3x03deS6g5D7I55SYTcLryzSzv:HcxszM5p22zS

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\spool\PRTPROCS\x64\CEIQ93cE9.dll	d478b7ef959229c173769377f6c98967.exe
File opened for modification	C:\Windows\system32\spool\PRTPROCS\x64\CEIQ93cE9.dll	d478b7ef959229c173769377f6c98967.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4700	d478b7ef959229c173769377f6c98967.exe

C:\Users\Admin\AppData\Local\Temp\d478b7ef959229c173769377f6c98967.exe
"C:\Users\Admin\AppData\Local\Temp\d478b7ef959229c173769377f6c98967.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: RenamesItself
PID:4700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4700-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4700-1-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4700-2-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4700-5-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download