Analysis
-
max time kernel
141s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
23-05-2024 18:17
General
-
Target
CustomRP.1.17.23.exe
-
Size
6.3MB
-
MD5
a99a9fb817b4606921d44605af40ebb2
-
SHA1
e303d443a2af8b42f7a1a45f63154162cbcdea88
-
SHA256
843363a99401c36c59f68a53ce553f20b5d9784594c84f29ef392d377c59d601
-
SHA512
052e25991387ff04cdbb55baf98d127cce543c4a68e63aea218619f36a461b937905dc9c9e2ce8c2dad6c51d84d6b5df59b9fe6e491aac50228a77670013075d
-
SSDEEP
196608:OJz9afXiU2qS5D6AM6T7BuvHO9MQMJxO5KtTHCx7hX:5yUfS5D6AMIMvHdQMJxOotQ
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.23.exe"C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.23.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-SIACQ.tmp\CustomRP.1.17.23.tmp"C:\Users\Admin\AppData\Local\Temp\is-SIACQ.tmp\CustomRP.1.17.23.tmp" /SL5="$80064,5486148,1081856,C:\Users\Admin\AppData\Local\Temp\CustomRP.1.17.23.exe"2⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\is-SIACQ.tmp\CustomRP.1.17.23.tmpFilesize
3.3MB
MD517f9ef15358d89a33ae5cb23acb0a088
SHA1572f98dbfd178bf29dd25fd71f36dbd295c043d3
SHA2562ff7453779f5abc947cfac893ffac543d2fe33cbe6b1cbd9d915c9f51e469251
SHA512e55abb7a48ff8dfa151ffee816783a84c5c44f22c825e0fa28b5d7f22d559c9cb10570c5e6356d90883a991220684dc1dac279991b60a8390b1bc4a6d931af5a
-
memory/2832-6-0x0000000000400000-0x0000000000751000-memory.dmpFilesize
3.3MB
-
memory/2832-9-0x0000000000400000-0x0000000000751000-memory.dmpFilesize
3.3MB
-
memory/2976-0-0x0000000000400000-0x0000000000515000-memory.dmpFilesize
1.1MB
-
memory/2976-2-0x0000000000401000-0x00000000004B7000-memory.dmpFilesize
728KB
-
memory/2976-8-0x0000000000400000-0x0000000000515000-memory.dmpFilesize
1.1MB