Analysis
- max time kernel: 119s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 30-05-2024 01:01
Behavioral task: behavioral1
- Sample: 0aa0dd946e722343b08540a7a0cf1c40.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 0aa0dd946e722343b08540a7a0cf1c40.exe
- Resource: win10v2004-20240426-en
General
- Target: 0aa0dd946e722343b08540a7a0cf1c40.exe
- Size: 5.8MB
- MD5: 0aa0dd946e722343b08540a7a0cf1c40
- SHA1: 8db0fc9b7e24f6c73aba7c54dea94569e6c5c615
- SHA256: 8ae39d58cf11900e7c6ddfcfce20c37e6e1820bd81b47787f8d47bab83e986ef
- SHA512: c39f4c257a8faf6a2a0d6bdb05ab6c497750a22db88febbfe3c2e3c44776b7201ea23c0fe2ae2f4d0f7d001130b8d3372cd1adbd56ba1eea69ce793466ad7873
- SSDEEP: 98304:WvwH6P2uW5MI079g+DgeFahftplflf6dUwOEH6d8e6b0+hb5y94kAFq:WvwH6eL2V76+DgTNfwZHYY17Y4hw
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  Processes:
    pid   process
    2228  0aa0dd946e722343b08540a7a0cf1c40.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                        pid   process                               target process
    PID 2812 wrote to memory of 2228   2812  0aa0dd946e722343b08540a7a0cf1c40.exe  0aa0dd946e722343b08540a7a0cf1c40.exe
    PID 2812 wrote to memory of 2228   2812  0aa0dd946e722343b08540a7a0cf1c40.exe  0aa0dd946e722343b08540a7a0cf1c40.exe
    PID 2812 wrote to memory of 2228   2812  0aa0dd946e722343b08540a7a0cf1c40.exe  0aa0dd946e722343b08540a7a0cf1c40.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\0aa0dd946e722343b08540a7a0cf1c40.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\0aa0dd946e722343b08540a7a0cf1c40.exe"
  PID: 2812
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\0aa0dd946e722343b08540a7a0cf1c40.exe (child of PID 2812)
    Command line: "C:\Users\Admin\AppData\Local\Temp\0aa0dd946e722343b08540a7a0cf1c40.exe"
    PID: 2228
    - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 4.2MB
  MD5: e9c0fbc99d19eeedad137557f4a0ab21
  SHA1: 8945e1811ceb4b26f21edcc7a36dcf2b1d34f0bf
  SHA256: 5783c5c5a3ffce181691f19d27de376a03010d32e41360b72bcdbd28467cfcc5
  SHA512: 74e1289683642ae2bc3cf780a07af1f27fed2011ef6cc67380f9c066c59d17a2fb2394a45a5c6cd75dad812a61093fdbd0f2108925f5c58fc6644c1c98be5c0b