Analysis

  • max time kernel
    144s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/04/2024, 18:50

General

  • Target

    Isisvideo.exe

  • Size

    55KB

  • MD5

    e75eef82eba9fb4946d6e9d42abd4fe5

  • SHA1

    e1bc20e9648028ceca5a5f27549ac0c13aeb23f4

  • SHA256

    edbf9376617abec8a3f8ca5726171917c6c690ca9471f38421cfcaab2e79a467

  • SHA512

    0869606a04aac1a46572e1366855cbb711e1bd92950dfb9924fc1cfb17188529e6bf542e9213d20373f86c0628f587efd9891ba8125a6992b61833c189fa5469

  • SSDEEP

    1536:x1qTXQOp6mG/Lqa823grKUfMQ7UnPQ1Bx:ozp6mOZ8ZhfNUnPQx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Gathers network information (2 TTPs, 2 IoCs)

    Uses commandline utility to view network configuration.

  • Suspicious use of WriteProcessMemory (18 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Isisvideo.exe
    "C:\Users\Admin\AppData\Local\Temp\Isisvideo.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4312
    • C:\Windows\SysWOW64\CMD.exe
      CMD /C Copy C:\Users\Admin\AppData\Local\Temp\ISISVI~1.EXE C:\Users\Admin\AppData\Local\Temp\pokemon.exe
      2⤵
      PID:3008
    • C:\Windows\SysWOW64\CMD.exe
      CMD /C Start C:\Users\Admin\AppData\Local\Temp\pokemon.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4752
      • C:\Users\Admin\AppData\Local\Temp\pokemon.exe
        C:\Users\Admin\AppData\Local\Temp\pokemon.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:5068
        • C:\Windows\SysWOW64\ipconfig.exe
          ipconfig /flushdns
          4⤵
          • Gathers network information
          PID:3632
        • C:\Windows\SysWOW64\ipconfig.exe
          ipconfig /renew
          4⤵
          • Gathers network information
          PID:2188
        • C:\Windows\SysWOW64\CMD.exe
          CMD /C Start C:\Users\Admin\AppData\Local\{6L5UX~1\5l9geos5.exe
          4⤵
          PID:3360

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\pokemon.exe
    Filesize
    55KB
    MD5
    e75eef82eba9fb4946d6e9d42abd4fe5
    SHA1
    e1bc20e9648028ceca5a5f27549ac0c13aeb23f4
    SHA256
    edbf9376617abec8a3f8ca5726171917c6c690ca9471f38421cfcaab2e79a467
    SHA512
    0869606a04aac1a46572e1366855cbb711e1bd92950dfb9924fc1cfb17188529e6bf542e9213d20373f86c0628f587efd9891ba8125a6992b61833c189fa5469

  • C:\Users\Admin\AppData\Local\{6L5UX~1\5l9geos5.exe
    Filesize
    949B
    MD5
    8343187481d814c7da0e16fce6d1b508
    SHA1
    01e783291376c0cb6dbb465bf05934b1d067c894
    SHA256
    0632548940f934da53205441b68580638d9a93d57412d48c126bd7182a35424e
    SHA512
    98989b8f969b71d855b2abfb23d1f6cfe1f929cd087681ad80015d03a90be9f9d3e1b3cd3bf24a0d9d0af19d32cab3cbe7c566f1d408be965aa19c1af278dc38

  • memory/4312-6-0x0000000000400000-0x0000000000414000-memory.dmp
    Filesize
    80KB

  • memory/5068-20-0x0000000000400000-0x0000000000414000-memory.dmp
    Filesize
    80KB