Analysis

  • max time kernel
    142s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-04-2024 06:09

General

  • Target

    59195ef2b4eba73748115fab9291ae3a7bc390f1e450f2037e5dfdf818c0ef5f.exe

  • Size

    5.8MB

  • MD5

    42540d763e2a86afafdfafefa148f6a3

  • SHA1

    a4b73cf5cc73ac23bbc2e244f3f588beba1c1f0f

  • SHA256

    59195ef2b4eba73748115fab9291ae3a7bc390f1e450f2037e5dfdf818c0ef5f

  • SHA512

    ae8d1a3180df54905f1488b9368aa96828ee4dd202d8fbd41bd133104e44470ac9e4eeb856b87735fb0ebd9013bde2cbc0c93546e95172e042838d118ed695a4

  • SSDEEP

    98304:ykL2O7g1QAwx2ILfi3ecuP5FHmpURWNSQiTOt29s4C1eH9n:d2OeW2wFlnuI6t5o9n

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\59195ef2b4eba73748115fab9291ae3a7bc390f1e450f2037e5dfdf818c0ef5f.exe
    "C:\Users\Admin\AppData\Local\Temp\59195ef2b4eba73748115fab9291ae3a7bc390f1e450f2037e5dfdf818c0ef5f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1376
    • C:\Users\Admin\AppData\Local\Temp\is-IAUGU.tmp\59195ef2b4eba73748115fab9291ae3a7bc390f1e450f2037e5dfdf818c0ef5f.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-IAUGU.tmp\59195ef2b4eba73748115fab9291ae3a7bc390f1e450f2037e5dfdf818c0ef5f.tmp" /SL5="$5021C,5137597,832512,C:\Users\Admin\AppData\Local\Temp\59195ef2b4eba73748115fab9291ae3a7bc390f1e450f2037e5dfdf818c0ef5f.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2644
      • C:\Windows\system32\cmd.exe
        "C:\Windows\system32\cmd.exe" /C dotnet --list-runtimes > "C:\Users\Admin\AppData\Local\Temp\is-PDD75.tmp\dotnet.txt" 2>&1
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:868
        • C:\Program Files\dotnet\dotnet.exe
          dotnet --list-runtimes
          4⤵
          PID:3184

    Network

    MITRE ATT&CK Matrix


    Downloads

    • C:\Users\Admin\AppData\Local\Temp\is-IAUGU.tmp\59195ef2b4eba73748115fab9291ae3a7bc390f1e450f2037e5dfdf818c0ef5f.tmp

      Filesize

      3.1MB

      MD5

      ee296b2e0a935aa6a1bb7344673cd74a

      SHA1

      febf43c2f460e4d50beb2d06011a6b59eb3f5944

      SHA256

      27f5c273960827096d3167cb43ca06a56f7822ff18e7bf22a99a7d49ca2cbb0c

      SHA512

      858714a1c82e233555349ec50930bf2b6a351239174613f0d70439e4d444522e8cb48871d6ae32fe7fbde9c20b34cce699d15e0a0175ef6c8e3dee1d449faa97

    • C:\Users\Admin\AppData\Local\Temp\is-PDD75.tmp\dotnet.txt

      Filesize

      366B

      MD5

      1075c141a2530622f98be53ecefe24e2

      SHA1

      27039fdf81b61156f5286dbca9741ba639933baa

      SHA256

      de15e864f69de3017a002c84dbae0448010f8d67b96fc39d613a171e414555aa

      SHA512

      66f5fc762c1085706bf7c006a2dbff7aa7b9d89cfba8c3ecaae6ef36a1201f4de7e09237919aafe9bf593e1b73ee063d401695cd6054dce8bb24cde9e35e0270

    • memory/1376-0-0x0000000000400000-0x00000000004D8000-memory.dmp

      Filesize

      864KB

    • memory/1376-10-0x0000000000400000-0x00000000004D8000-memory.dmp

      Filesize

      864KB

    • memory/2644-5-0x0000000002720000-0x0000000002721000-memory.dmp

      Filesize

      4KB

    • memory/2644-11-0x0000000000400000-0x000000000071C000-memory.dmp

      Filesize

      3.1MB

    • memory/2644-14-0x0000000002720000-0x0000000002721000-memory.dmp

      Filesize

      4KB