a9876987f3f1771278b056fae12921ac0a2efda91cd22d433b45a88d93188a28

Analysis

max time kernel
138s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 03:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37e751d0264986347bf67717a9f5394e5b3fc828d7329694ce864d194a6e9b0c.exe
Size

12KB
MD5

e7e294cc7015552ddace754c6e05b061
SHA1

f6ec174d60c1df81b8148c95a145e8565e91004c
SHA256

37e751d0264986347bf67717a9f5394e5b3fc828d7329694ce864d194a6e9b0c
SHA512

b0f9e00dd0cc3f6812e969047d059ab94343715e22b534bd27d1d28cc4c5506b968c4605df74e34fbc74f66c8ed5a4355b2d3e2223cfbf83ed01b9a8dd7208b2
SSDEEP

192:rNSTT5ig9hSMF6a7gTVHIPfWnQpV3IFg5OFkS3LWlJdxqH7YrA:uPh3cmVAF5bWlJj+

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 14 IoCs

pid	Process
3328	240604033623300.exe
4144	242604033626566.exe
5024	242604033635862.exe
1684	242604033646113.exe
3076	242604033655253.exe
2648	242604033705159.exe
4228	242604033715519.exe
3184	242604033726081.exe
1212	242604033735753.exe
1884	242604033747175.exe
4556	242604033758706.exe
2656	242604033808941.exe
4628	242604033818081.exe
4704	242604033826987.exe

Suspicious use of WriteProcessMemory 56 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 744	4624	37e751d0264986347bf67717a9f5394e5b3fc828d7329694ce864d194a6e9b0c.exe	90
PID 4624 wrote to memory of 744	4624	37e751d0264986347bf67717a9f5394e5b3fc828d7329694ce864d194a6e9b0c.exe	90
PID 744 wrote to memory of 3328	744	cmd.exe	91
PID 744 wrote to memory of 3328	744	cmd.exe	91
PID 3328 wrote to memory of 1252	3328	240604033623300.exe	97
PID 3328 wrote to memory of 1252	3328	240604033623300.exe	97
PID 1252 wrote to memory of 4144	1252	cmd.exe	98
PID 1252 wrote to memory of 4144	1252	cmd.exe	98
PID 4144 wrote to memory of 3244	4144	242604033626566.exe	99
PID 4144 wrote to memory of 3244	4144	242604033626566.exe	99
PID 3244 wrote to memory of 5024	3244	cmd.exe	100
PID 3244 wrote to memory of 5024	3244	cmd.exe	100
PID 5024 wrote to memory of 5056	5024	242604033635862.exe	102
PID 5024 wrote to memory of 5056	5024	242604033635862.exe	102
PID 5056 wrote to memory of 1684	5056	cmd.exe	103
PID 5056 wrote to memory of 1684	5056	cmd.exe	103
PID 1684 wrote to memory of 1936	1684	242604033646113.exe	104
PID 1684 wrote to memory of 1936	1684	242604033646113.exe	104
PID 1936 wrote to memory of 3076	1936	cmd.exe	105
PID 1936 wrote to memory of 3076	1936	cmd.exe	105
PID 3076 wrote to memory of 2920	3076	242604033655253.exe	106
PID 3076 wrote to memory of 2920	3076	242604033655253.exe	106
PID 2920 wrote to memory of 2648	2920	cmd.exe	107
PID 2920 wrote to memory of 2648	2920	cmd.exe	107
PID 2648 wrote to memory of 4576	2648	242604033705159.exe	108
PID 2648 wrote to memory of 4576	2648	242604033705159.exe	108
PID 4576 wrote to memory of 4228	4576	cmd.exe	109
PID 4576 wrote to memory of 4228	4576	cmd.exe	109
PID 4228 wrote to memory of 4472	4228	242604033715519.exe	110
PID 4228 wrote to memory of 4472	4228	242604033715519.exe	110
PID 4472 wrote to memory of 3184	4472	cmd.exe	111
PID 4472 wrote to memory of 3184	4472	cmd.exe	111
PID 3184 wrote to memory of 1424	3184	242604033726081.exe	112
PID 3184 wrote to memory of 1424	3184	242604033726081.exe	112
PID 1424 wrote to memory of 1212	1424	cmd.exe	113
PID 1424 wrote to memory of 1212	1424	cmd.exe	113
PID 1212 wrote to memory of 3212	1212	242604033735753.exe	114
PID 1212 wrote to memory of 3212	1212	242604033735753.exe	114
PID 3212 wrote to memory of 1884	3212	cmd.exe	115
PID 3212 wrote to memory of 1884	3212	cmd.exe	115
PID 1884 wrote to memory of 2580	1884	242604033747175.exe	116
PID 1884 wrote to memory of 2580	1884	242604033747175.exe	116
PID 2580 wrote to memory of 4556	2580	cmd.exe	117
PID 2580 wrote to memory of 4556	2580	cmd.exe	117
PID 4556 wrote to memory of 2512	4556	242604033758706.exe	118
PID 4556 wrote to memory of 2512	4556	242604033758706.exe	118
PID 2512 wrote to memory of 2656	2512	cmd.exe	119
PID 2512 wrote to memory of 2656	2512	cmd.exe	119
PID 2656 wrote to memory of 4092	2656	242604033808941.exe	120
PID 2656 wrote to memory of 4092	2656	242604033808941.exe	120
PID 4092 wrote to memory of 4628	4092	cmd.exe	121
PID 4092 wrote to memory of 4628	4092	cmd.exe	121
PID 4628 wrote to memory of 3696	4628	242604033818081.exe	122
PID 4628 wrote to memory of 3696	4628	242604033818081.exe	122
PID 3696 wrote to memory of 4704	3696	cmd.exe	123
PID 3696 wrote to memory of 4704	3696	cmd.exe	123

C:\Users\Admin\AppData\Local\Temp\37e751d0264986347bf67717a9f5394e5b3fc828d7329694ce864d194a6e9b0c.exe
"C:\Users\Admin\AppData\Local\Temp\37e751d0264986347bf67717a9f5394e5b3fc828d7329694ce864d194a6e9b0c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\240604033623300.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:744
- - C:\Users\Admin\AppData\Local\Temp\240604033623300.exe
    C:\Users\Admin\AppData\Local\Temp\240604033623300.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3328
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604033626566.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\242604033626566.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604033626566.exe 000002
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4144
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604033635862.exe 000003
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\242604033635862.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604033635862.exe 000003
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5024
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604033646113.exe 000004
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\242604033646113.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604033646113.exe 000004
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1684
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604033655253.exe 000005
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\242604033655253.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604033655253.exe 000005
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604033705159.exe 000006
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\242604033705159.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604033705159.exe 000006
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2648
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604033715519.exe 000007
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\242604033715519.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604033715519.exe 000007
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604033726081.exe 000008
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\242604033726081.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604033726081.exe 000008
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3184
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604033735753.exe 000009
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\242604033735753.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604033735753.exe 000009
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1212
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604033747175.exe 00000a
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\242604033747175.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604033747175.exe 00000a
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1884
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604033758706.exe 00000b
        22⤵
        Suspicious use of WriteProcessMemory
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\242604033758706.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604033758706.exe 00000b
        23⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4556
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604033808941.exe 00000c
        24⤵
        Suspicious use of WriteProcessMemory
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\242604033808941.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604033808941.exe 00000c
        25⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2656
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604033818081.exe 00000d
        26⤵
        Suspicious use of WriteProcessMemory
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\242604033818081.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604033818081.exe 00000d
        27⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4628
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604033826987.exe 00000e
        28⤵
        Suspicious use of WriteProcessMemory
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\242604033826987.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604033826987.exe 00000e
        29⤵
        Executes dropped EXE
        
        PID:4704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604033836613.exe 00000f
        30⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\242604033836613.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604033836613.exe 00000f
        31⤵
        
        PID:3352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\240604033623300.exe

Filesize
13KB

MD5
5444c5565549bc323bd91f637b0991cb

SHA1
87c437adfa7cdbe6e07082f6c668aa488ac0065f

SHA256
5cbeb0c706d841ac41c6cc476e93f1ad9bdf2568e2e1475397a50582483aa0e4

SHA512
94290a424576401795d3cf04d39b3a09b61e8b3e72bd850d156236c190c16fb81a7c992ea27b64c57c04934e348fd0eaab39c41eedbf635f6e00453094c58213

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604033626566.exe

Filesize
13KB

MD5
ab62f3972d7962c7cb89930a7c4f197a

SHA1
82b4f6f551771c461ecb35e384b6d4141711245b

SHA256
0e7853b5c115a1bd01defdb5cf4b8d9019dd7daefdbe64902a6640ff657d3101

SHA512
d261652cb19e6c417dddd857e52f0d601dba5df59dc2677929523c1437df4770cde10eed1770e4e05d0a222d4aadda636cac3aa174785df6216a9cf099d05636

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604033635862.exe

Filesize
12KB

MD5
a2ecdd1e993f1b254f5ac5efdf50bfab

SHA1
808eb2575052d397ed2f3e7abf32bd279691018c

SHA256
398a8d9f291cc9697b0df4908edaa320fb755a0975b8754ffd8ba941d758dc8c

SHA512
98c08d26bab0cdb7655b109a3c585c7e6f0ec5e64b669382f90c4fbb4c156e0709b437f2fea9b8e5e91d899987296e47feef3bdaaeb30e9e7412211a96613af3

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604033646113.exe

Filesize
12KB

MD5
c3f7a5a8dba9cc401c9193e54aac84be

SHA1
1902a3c5a9301064472efe3361aa5bc56c04c098

SHA256
a9700686ac24102dd9b6f3fd99fedf6e5bdd99da45b9bb73db19c69def14b7b6

SHA512
c8c814bec5d6cf212d26c96131e7635afd378cda1084b78f821dcd3bee53e7c52f91f6d84558c5fb88fd13a81e32ae5958b8d5eb073eb99d0870c2c2d6d20abf

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604033655253.exe

Filesize
13KB

MD5
c0dc15c616d1b66db11e064443d6ea06

SHA1
320059dcede422eab35274763b65e06d8b4d5b41

SHA256
371b56c16f1b87dca4eb9bc9c3283f9dba061161f6cde45c1505cde532d0d6fc

SHA512
7e0c6d50d5185491d5d95f972fba11b379a247d107616e8a9b359d2a2328970f6d2fe2f4fa34354767ab348fa04edbfe4979eadfe6836a5a9df12166ab0356f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604033705159.exe

Filesize
13KB

MD5
12d3ff778b0993e7d88f9234f1c10f54

SHA1
e04d063403b68c31cf6d13108c8381ff4a1c8dbc

SHA256
2ebdc1e61e9abb9a93fbc7e9ccebf0e9d91b9dc31e3164b05580048454276121

SHA512
2ac32c3681849c41280f54920d78ae1b3257e7697b9606dd4dd808e3f743b3c93121905e211eaf72eb68889683309c118c3154820dcd41e1813e5f2a29006909

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604033715519.exe

Filesize
13KB

MD5
b865f276bdcd8215a06c40e117188a0d

SHA1
3cb226610918d8043f731506111dec668def71a2

SHA256
a5091e8de4d962816e4f4a3e9911ba679310ae4f09e958d7b87d914f944f2714

SHA512
30948ba0589867027dc367e686d417c5e70d90761c1715a300f3a87d1c1a136ec84f64bf65f265e168bacb010f7a052541252dd1de84a8331565394dc6ad22cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604033726081.exe

Filesize
13KB

MD5
a818de220786ee49c880a00abc1893cd

SHA1
281820688d1763cfb132456434f626e2edd0f27d

SHA256
2a5a20d8ab5999b21aafd47954926aa32cf6fde8e93518cdcafe52fcccadecd7

SHA512
0bb9535f565e2771fb94f272ca9b8ceef499eae5be8e82385d0d6ed7141880f1b8ece6551dad6e89a78d57f906f5e73d017523b3c1547890a5a83f3fe05ca52e

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604033735753.exe

Filesize
13KB

MD5
85209b434b7a7252d1bf4a1149e2ca2b

SHA1
e62d7fefff5bf95369459ec2a14b7be365e76bd8

SHA256
befaeaa861eca1796c1ef3f08dfd6aabfe92b2f0aa81013448eb085a19843c12

SHA512
0df72b7a5d43d5df7609421f80329b03773781a099285afce90005d52987950974fd77f4fa7f75bc19f7983a352cd912c18b5bd65f9c46fc5a03f405a69dcc3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604033747175.exe

Filesize
13KB

MD5
30c4acba49bc7ee35223f00fc8cbd243

SHA1
109c484cdf54784abe98ef160e966bf019baed53

SHA256
59e47dfc2fc9352562e6c1c979ded6c740b559ec8d9d50fe3036fdf48266a23d

SHA512
fc75d77b0bdf32acafa0a40ba2f9dcc41a767c5e66777ba2b6a306d4e7dde61128eba3d68b75a737b3fcacb45f98b359484006cd504d865add19be91ef3c7ea6

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604033758706.exe

Filesize
12KB

MD5
d4cedc853458c9ce1af0682f5457c991

SHA1
c67261839457589b9c4c5b2ee20c6650c818fa7d

SHA256
9948f2febf0b55e8951a2289ad42728056b7720068074800b6b401f5233f74e4

SHA512
2d7002619928aec7b2ad5d80ca6ec077bfd14e36ea23b791f07b084aa0a1cc937ddf831ed38544229674825c876ab58053d5b50696293d58212bb7f1e477a017

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604033808941.exe

Filesize
13KB

MD5
9a9db16581d9c7b770f89eb3b20f6081

SHA1
694fb0e2fca319139ef6ba2105e985fd60ff9d34

SHA256
8443517ae6e38f4cd91e2411a82e2804ba903cc9f535f561bd651910d7b44208

SHA512
4db679ad33310209f6188b34b64827b670f717305869cc0ca77982de5c4cc514d24cc1ca0dd6372ed6caaaeb7e2caaf90d9e1258900aba2a119b388a3d712219

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604033818081.exe

Filesize
13KB

MD5
1d668891b6e143ddc841df4ab74a4427

SHA1
780fd69d9961dfcf7dd024a55969b1c5cefbd387

SHA256
c87432b67b2855477d008f53bd9fa0977c7d8bb3d14970182bbb8646e6ab98c1

SHA512
6bbc583db764d1d23c6d56a703d7cb1eb20083513f6918d7dd833c72101b295c148abef42bcc732cfaa87663d11c39ef2dffe1afbe85ed057913bcd73f4ec617

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604033826987.exe

Filesize
13KB

MD5
6397ff353dd148b0d798349e54e74149

SHA1
5bdc95d9a96fddd3918c7dca7a3ab7ce1cdb38a5

SHA256
1632675f439b795e3cf670609b4f140269a96c8ed4ea38ff768bd02c55b5e305

SHA512
4a28c874ce8ac61e5ea5cb26ae66e8fbbc1475267c4811018b28c224678597087972420dbf3e62d7878d38e5be80bb83e9b456573a5c5b31e8e8dcd803bbff5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604033836613.exe

Filesize
12KB

MD5
ab650352ec953dccbbafc47fed232af5

SHA1
305c393a9ad0f4d1d5cfb99d2bf0c53ca0818dcc

SHA256
e59795aa331a7b03654b3d41dc6f0306b9d3ca1741d361c81bb5f398fbdf30e5

SHA512
b319053be3d5a0c3b663f318658c2ef0b044411a26bebf35113f2ded8946a9d7119a85dabb89d266fd7b325f3e07800198909cd116e47e0b81fb174335cbf642

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads