Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08-05-2024 20:08

General

  • Target

    $TEMP/SU_lk78_setup_lg0597.exe

  • Size

    648KB

  • MD5

    322911f9d1f42fc32fa4f454ce397fc5

  • SHA1

    225c8eea86b79ab46bafc4bc6e77ee835dd05680

  • SHA256

    85c11981201ed48bf93924b0c747bfde0a3a368fdb8cb938a02da667e653a0a7

  • SHA512

    7c52c8384f13d8b273d1358a96469ff0102a11f60cfa8e79f300c380991eeb4a5e5be91eda3cf5f07ab95ad7366f5425469fe863a1b32fe8f3d689e1dad2bfc8

  • SSDEEP

    12288:ulBPW49JlJW2uTkuIdP2mg/L0YTKIK00DYN/w5ib6mjc0Z:uvPWaJvpuTkthyL0YTtdlN/w5iemfZ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMP\SU_lk78_setup_lg0597.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMP\SU_lk78_setup_lg0597.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:600
    • C:\Users\Admin\AppData\Local\Temp\is-4Q2NH.tmp\SU_lk78_setup_lg0597.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-4Q2NH.tmp\SU_lk78_setup_lg0597.tmp" /SL5="$A0030,317431,67072,C:\Users\Admin\AppData\Local\Temp\$TEMP\SU_lk78_setup_lg0597.exe"
      2⤵
      • Executes dropped EXE
      PID:1392

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-4Q2NH.tmp\SU_lk78_setup_lg0597.tmp

    Filesize

    711KB

    MD5

    d46e2d82589924a5dd132be8b5af79e6

    SHA1

    cfd7c1adaf4653342c27fa536d257fffb6cfa531

    SHA256

    6e35b0aa3c98d70737da7d4bb4ac8e798980c32ec1cd1162684b39b691770235

    SHA512

    944cc9b3b32b12db6564f0588ee3ed4c77110fe1f8bc2018733b34a71a3bc3b6771bfbe7a8805454aeb5e9de1e15941465675fad5517d80f14ad9fa461c67f59

  • memory/600-3-0x0000000000401000-0x000000000040C000-memory.dmp

    Filesize

    44KB

  • memory/600-0-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

  • memory/600-12-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

  • memory/1392-9-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

  • memory/1392-13-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB