Analysis
max time kernel: 93s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/06/2024, 01:42
Static task: static1
Behavioral task: behavioral1
  Sample: b7a728d562333ee68f47bb08687671a59385d78363afa9e45cc77c17f5e2798a.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: b7a728d562333ee68f47bb08687671a59385d78363afa9e45cc77c17f5e2798a.exe
  Resource: win10v2004-20240426-en
General
Target: b7a728d562333ee68f47bb08687671a59385d78363afa9e45cc77c17f5e2798a.exe
Size: 781KB
MD5: 187771a5bd73ec8a48ce2cdde5eb9aa7
SHA1: 8e4fc97b8467a595042eaa6c22f9b1a2e2a1c81a
SHA256: b7a728d562333ee68f47bb08687671a59385d78363afa9e45cc77c17f5e2798a
SHA512: bd37ca1744e011b75192fd776d849b29dd38a932e6c045e8fbff4774ef9ba30991f0d97f15d785a2df20169cf4803f51f3d353cb654b60a38cc802bbe6e65bbd
SSDEEP: 12288:tT+WNw+pt1RmXpK2yJJWv0xGExGVryL+DHttMdkqWBRIuHa8KJLZmG19anY:tTEwCWG1ly6DNtMJWXp65LZmG19anY
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  1792  3CDA.tmp

Suspicious use of WriteProcessMemory (3 IoCs)
  description                         pid   Process                                                                  procid_target
  PID 2836 wrote to memory of 1792    2836  b7a728d562333ee68f47bb08687671a59385d78363afa9e45cc77c17f5e2798a.exe  83
  PID 2836 wrote to memory of 1792    2836  b7a728d562333ee68f47bb08687671a59385d78363afa9e45cc77c17f5e2798a.exe  83
  PID 2836 wrote to memory of 1792    2836  b7a728d562333ee68f47bb08687671a59385d78363afa9e45cc77c17f5e2798a.exe  83
Processes
C:\Users\Admin\AppData\Local\Temp\b7a728d562333ee68f47bb08687671a59385d78363afa9e45cc77c17f5e2798a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\b7a728d562333ee68f47bb08687671a59385d78363afa9e45cc77c17f5e2798a.exe"
  PID: 2836
  Signatures: Suspicious use of WriteProcessMemory
  └─ C:\Users\Admin\AppData\Local\Temp\3CDA.tmp
       Command line: "C:\Users\Admin\AppData\Local\Temp\3CDA.tmp"
       PID: 1792
       Signatures: Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 781KB
MD5: 92a0ea32ca127b243b3a990e2e48af82
SHA1: 6bd4db278fd974841bc89b603f045bea81eafd57
SHA256: 0797fa38bb318aba88355c9ff9a7116cd5c665d3a32dc756c951723121ddc038
SHA512: cc9de528eb6e22642b41f441f0d67b7a48f9d49b1b30ce4065b4320e7abde40595ec87ba119bbb9eb1c809fb65a4140947080fc9ca26c4fc935cc4564083c389