Analysis
max time kernel: 134s
max time network: 103s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-05-2024 23:22
Static task: static1
Behavioral task: behavioral1
  Sample: 789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe
  Resource: win10v2004-20240426-en
General
Target: 789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe
Size: 79KB
MD5: 06c8a4ad83a005a0a8b16a74c427fcb2
SHA1: 5b1a1a3ed8f123f407de571b31692cb6890e194c
SHA256: 789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a
SHA512: 61cb1cc6fb916169e18e9b84a39365bd16bf857a05a643c8a3ec1f2ac84a28d01b05152ef78c863f42ba47d854d0a3ee328d5656fdf492e64e3addbb2f804da6
SSDEEP: 1536:zvYONtUW2tbTs1OQA8AkqUhMb2nuy5wgIP0CSJ+5yLLB8GMGlZ5G:zvYODUTpfGdqU7uy5w9WMyLLN5G
Malware Config
Signatures
Executes dropped EXE (1 IoC)
Processes (pid | process):
  2548 | [email protected]
Suspicious use of WriteProcessMemory (6 IoCs)
Processes (description | pid | process | target process):
  PID 900 wrote to memory of 4320 | 900 | 789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe | cmd.exe
  PID 900 wrote to memory of 4320 | 900 | 789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe | cmd.exe
  PID 900 wrote to memory of 4320 | 900 | 789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe | cmd.exe
  PID 4320 wrote to memory of 2548 | 4320 | cmd.exe | [email protected]
  PID 4320 wrote to memory of 2548 | 4320 | cmd.exe | [email protected]
  PID 4320 wrote to memory of 2548 | 4320 | cmd.exe | [email protected]
Processes
C:\Users\Admin\AppData\Local\Temp\789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\789492590cfcf7de3c8b061a8ae7700b672f1f5205413ccab868777532c0921a.exe"
  Signature: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\cmd.exe
    C:\Users\Admin\AppData\Local\Temp\[email protected]
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: 25ebeaad423f1d20f9ebbb4227cb16eb
  SHA1: 44908f03b9800d95bd5e45555525f82615191ba0
  SHA256: e60172cf1c0d787fb78db711d60d517ce4a98ec062931f72584c0ff1eca308c1
  SHA512: 251f933dfc54e06ceed99bea791fd792e3bc5be468b435b09d7a9c66e4a519fd36a159e0ebb638de82aa18453d9fb4340b95b6850c4b694e566f428cfadeea5a
memory/900-6-0x0000000000400000-0x000000000041B000-memory.dmp
  Filesize: 108KB
memory/2548-5-0x0000000000400000-0x000000000041B000-memory.dmp
  Filesize: 108KB