b39e2f22eb2b7dc27ac28acee48d04f3c66e959ab33f27b4fc487b6a9ef2ca33

Analysis

max time kernel
144s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 20:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

da7d0db39ed42b11eb313c1a39231d76.exe
Size

2.4MB
MD5

da7d0db39ed42b11eb313c1a39231d76
SHA1

dcd8bd3e2d165b13622c6e66868b93bc4a628b94
SHA256

b39e2f22eb2b7dc27ac28acee48d04f3c66e959ab33f27b4fc487b6a9ef2ca33
SHA512

27570ed7e8c19b5aeb9aa17017e366691d3b2a29be83666cfdfe62643416e927e1d366d9b3fe16731ab1b18cb808ed7d693d6d97338404eb9e66e62b4de84765
SSDEEP

49152:yYvWhu0xfGrUg/wrDhmYcPRsCKWauGJWNsvsPuf3vVDtUoCOsX:yYvc3fGr0h9iRs+aXWe02X4oCR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1448	setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4480 wrote to memory of 1448	4480	da7d0db39ed42b11eb313c1a39231d76.exe	87
PID 4480 wrote to memory of 1448	4480	da7d0db39ed42b11eb313c1a39231d76.exe	87
PID 4480 wrote to memory of 1448	4480	da7d0db39ed42b11eb313c1a39231d76.exe	87

C:\Users\Admin\AppData\Local\Temp\da7d0db39ed42b11eb313c1a39231d76.exe
"C:\Users\Admin\AppData\Local\Temp\da7d0db39ed42b11eb313c1a39231d76.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4480
- C:\Users\Admin\AppData\Local\Temp\TMPD0EC.tmp\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\TMPD0EC.tmp\setup.exe"
  2⤵
  - Executes dropped EXE
  PID:1448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TMPD0EC.tmp\README.TXT

Filesize
1KB

MD5
3ee9ba0e9d1d6705472f330e299190b2

SHA1
8f856fa2c3748d815aed2ee5f9ade9da409f98a7

SHA256
2141e1bf3451cdc1e32f69bc1783d162d639fae05eac5f9ceff259099d5d29d5

SHA512
140dfba68f9170140f050abcd00acc5ef4b5fb5eee3c93a4f4e714d5a4a82d62924253cf64facfd9c0c187f6ed36929ee8cec4f9a44bef9de5fa5a2e4a53e6eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\TMPD0EC.tmp\SETUP.INI

Filesize
717B

MD5
9cc146ea8bc2979b86cd99ecbfa99da6

SHA1
d150930c52bd92fd0d868aa4b507a313cdc1afdd

SHA256
502cd092247f60110e8f44f55cc7fe0c7bbea1515bd13fc55a3635374b318fe5

SHA512
ea864fc93d6b2ff0908b9823f8ccd67062c39c44019779d588373f88d9292c2dd58639631227325729516b5d477e3a6873d74d379cbcfcb3ed48751e653e0470

Download Submit
C:\Users\Admin\AppData\Local\Temp\TMPD0EC.tmp\license.txt

Filesize
4KB

MD5
3e5426759604d8692224fc9416a93042

SHA1
84fad503c51f69e47ec7a30b607d87da74c4bdf1

SHA256
74b5714492f0de0a9ec3eccc462ffba642f8ac0a27f121304a81369da1e5204f

SHA512
4447fa283b55606c85b078ea7021c327642b625e40210b08750413a2dff543bf9f312d669805a94b4b3df2076a1fa485b3a73df199def4c4d361fc69567854a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\TMPD0EC.tmp\setup.exe

Filesize
148KB

MD5
ed3fdd4d4f10e154d5f7a25fe6668790

SHA1
7adea4c667e93b63a35b96fa5c17eee62223cbce

SHA256
fa7f6de07268bd824c54da17838d08022018fb4f6df3e589fa4dddc4244c7d16

SHA512
f9d68c7fec891caa2336f3cf6cf52bcf323ad180cdb5007ef831aafcb82c89c66cfb21173161333f1e86e36539ab16319fe16ecbcbdb60d8014b410594b8bdf9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads