Overview

overview

4

Static

static

1

cryptolaemus

windows10-2004-x64

4

cryptolaemus

windows11-21h2-x64

Analysis

  • max time kernel
    150s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/03/2024, 18:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b253f2cc3cafc35941d978a4d14b65610e641cb461e862fb0c155f3c30ce127a.exe

  • Size

    5.6MB

  • MD5

    fe469d9ce18f3bd33de41b8fd8701c4d

  • SHA1

    99411eab81e0d7e8607e8fe0f715f635e541e52a

  • SHA256

    b253f2cc3cafc35941d978a4d14b65610e641cb461e862fb0c155f3c30ce127a

  • SHA512

    5b40c5259d01944e718bb14b8e6b994f2ea5bd391058aa8d086033cd609cb54231c7e07b4ab307ecfd5be28936e1c5576d3448504b99d9ac05c5442e5e1e85d9

  • SSDEEP

    98304:lkLdjFeUa29WIx3N3oyqA2QbD15d5a8Nshbsm6gZ70pxm:mdjFe5W3NYvAlJ5vsBJfZwpk

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b253f2cc3cafc35941d978a4d14b65610e641cb461e862fb0c155f3c30ce127a.exe
    "C:\Users\Admin\AppData\Local\Temp\b253f2cc3cafc35941d978a4d14b65610e641cb461e862fb0c155f3c30ce127a.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\Users\Admin\AppData\Local\Temp\is-9P27S.tmp\b253f2cc3cafc35941d978a4d14b65610e641cb461e862fb0c155f3c30ce127a.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-9P27S.tmp\b253f2cc3cafc35941d978a4d14b65610e641cb461e862fb0c155f3c30ce127a.tmp" /SL5="$D0052,5025136,832512,C:\Users\Admin\AppData\Local\Temp\b253f2cc3cafc35941d978a4d14b65610e641cb461e862fb0c155f3c30ce127a.exe"
      2⤵
      • Executes dropped EXE
      PID:4524

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-9P27S.tmp\b253f2cc3cafc35941d978a4d14b65610e641cb461e862fb0c155f3c30ce127a.tmp
          Filesize

          3.1MB

          MD5

          ebec033f87337532b23d9398f649eec9

          SHA1

          c4335168ec2f70621f11f614fe24ccd16d15c9fb

          SHA256

          82fdd2282cf61cfa6155c51a82c4db79487ffeb377d0245d513edeb44d731c16

          SHA512

          3875c2dd9bbeb5be00c2ccf8391bcb92d328a3294ce5c2d31fd09f20d80e12bd610d5473dfc2e13962578e4bb75336615cdf16251489a31ecbe4873d09cf1b11

          Download Submit

        • memory/1276-0-0x0000000000400000-0x00000000004D8000-memory.dmp

          Filesize

          864KB

          Download

        • memory/1276-7-0x0000000000400000-0x00000000004D8000-memory.dmp

          Filesize

          864KB

          Download

        • memory/4524-5-0x0000000000A30000-0x0000000000A31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4524-8-0x0000000000400000-0x000000000071C000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/4524-11-0x0000000000A30000-0x0000000000A31000-memory.dmp

          Filesize

          4KB

          Download