Analysis
- max time kernel: 148s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/05/2024, 18:52
Static task: static1
Behavioral task: behavioral1
- Sample: 145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe
- Resource: win10v2004-20240426-en
General
- Target: 145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe
- Size: 4.2MB
- MD5: 29a6c9b3a26443f7a7d12457f0ffef7d
- SHA1: 6b53187be7410a591aa090ecee0afddd96e1c52f
- SHA256: 145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a
- SHA512: 5c923b748d7a001b038e8ecfdfaa4a9a6eb804137b120bc7ffe0bc22d49c662713c4a06a9dc9e342f8f0024012711c5a1a1f91487bc32be8a60e859caca9f6d0
- SSDEEP: 98304:Cmhd1UryeaAR7i3yVLUjH5oxFbxhVLUjH5oxFbx:Cl6sVUjZEdhVUjZEd
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid   Process
  2536  43DF.tmp
- Executes dropped EXE (1 IoC)
  pid   Process
  2536  43DF.tmp
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process                                                                 procid_target
  PID 5032 wrote to memory of 2536  5032  145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe  85
  PID 5032 wrote to memory of 2536  5032  145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe  85
  PID 5032 wrote to memory of 2536  5032  145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe  85
Processes
1. C:\Users\Admin\AppData\Local\Temp\145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe"
   - Suspicious use of WriteProcessMemory
   - PID: 5032
   2. C:\Users\Admin\AppData\Local\Temp\43DF.tmp
      Command line: "C:\Users\Admin\AppData\Local\Temp\43DF.tmp" --splash C:\Users\Admin\AppData\Local\Temp\145b389b947821948eb1cc5c3f5b54944f8f810a665e451a0a4e8f2eeb95518a.exe C3F07C420C5F043B603EA719781888BCE387DEEF520DD65E9DCBE3877A7E9A68886CDE8E5D67CFF16FD2D51697F585F16CA7F3F5D5DD94F140EB2854A26B25F1
      - Deletes itself
      - Executes dropped EXE
      - PID: 2536
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 4.2MB
- MD5: 185508dcd181df1120ca6c38851b0d3a
- SHA1: 6451766e7d19196e80f6065cbef7984b7ae3616c
- SHA256: 1a29324a0ea18f53717dcbde8a62b8d92f0bc7f7cf50c993910c5105b52c4a91
- SHA512: a37f02e9fdfe783fc0f4b81b279ad441adcd36ae1c282d7c8e366dc0791253be2970f5209fb0822fe249e46ed89040c7245d48b740805c1c74f476e3a3217f26