Analysis
- max time kernel: 139s
- max time network: 126s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-05-2024 03:21
Static task: static1
Behavioral task: behavioral1
- Sample: 944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: 944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe
- Resource: win10v2004-20240508-en
General
- Target: 944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe
- Size: 79KB
- MD5: 60701ea7084819139079a760b26273ac
- SHA1: ff8f5f906b54f3d5fbbe422dcd11a693ea1a36cf
- SHA256: 944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce
- SHA512: 67f7984259a607abe69015e505a6da24e6f0d551791b4460684b9215a36d6a658ec718c6f07defcf4e48ad7898e291c8cec5f46d9cd5df30181d3278c25e0d6a
- SSDEEP: 1536:zv3JmHlv340W6OQA8AkqUhMb2nuy5wgIP0CSJ+5yRB8GMGlZ5G:zvZmHlvfWPGdqU7uy5w9WMyRN5G
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  Processes:
  PID   Process
  1984  [email protected]
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes: 944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe, cmd.exe
  Description                         PID   Process                                                                   Target process
  PID 4964 wrote to memory of 3600    4964  944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe    cmd.exe
  PID 4964 wrote to memory of 3600    4964  944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe    cmd.exe
  PID 4964 wrote to memory of 3600    4964  944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe    cmd.exe
  PID 3600 wrote to memory of 1984    3600  cmd.exe                                                                   [email protected]
  PID 3600 wrote to memory of 1984    3600  cmd.exe                                                                   [email protected]
  PID 3600 wrote to memory of 1984    3600  cmd.exe                                                                   [email protected]
Processes
- C:\Users\Admin\AppData\Local\Temp\944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\944a49f57452c4f58aa85e1a2b1e5b33f8e7a142f3cdd07cce7dcd99a3090dce.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe
    - C:\Users\Admin\AppData\Local\Temp\[email protected]
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4340,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=3972 /prefetch:8
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: 04105d660c34569a7b0ef461d44dc9cf
  SHA1: 9d956dbf0ce1e3ac529610af878ea99a6238c526
  SHA256: cfb18086aeab81f1031c442f93ebe9e250c81ef4af0cc3239889434f0e0a352f
  SHA512: 1fe48d5d7ff734b844f266abbdfb6859deaee579ca6a3d86ba5ebb24cbb4e0ab7755d6ba94788308121763c9a21277abbd49026bfb6b09b7d8e893afec320f82
- memory/1984-5-0x0000000000400000-0x000000000041B000-memory.dmp
  Filesize: 108KB
- memory/4964-6-0x0000000000400000-0x000000000041B000-memory.dmp
  Filesize: 108KB