30e2ff276057f496c3430d15d2d4fd60fafcd67ae1d3a1ebfb50e5cb7575611e

Analysis

max time kernel
148s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30e2ff276057f496c3430d15d2d4fd60fafcd67ae1d3a1ebfb50e5cb7575611e.exe
Size

13KB
MD5

f0d48de961838e6cc1155c3a681273d8
SHA1

79ddee7e07386bb1077545532695e71ef273f3be
SHA256

30e2ff276057f496c3430d15d2d4fd60fafcd67ae1d3a1ebfb50e5cb7575611e
SHA512

5cd98ce9857ee92fe2e00ec64f48f0a370d32b3408d3bd48ff000333b5779b9a0df51c0d842a2a22d4dcf11a336843e4edf6a9e608b0ff7e040f131deca99523
SSDEEP

192:tmyKI1lbFOYSJe6ZwXPZb161GjH24M5GLlxBP9Y2CKRy+fu2yyZrWlJdxqHXY1xS:EVW0Y2EPqkLlx9DZrWlJj+C4

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 12 IoCs

pid	Process
5004	242604145947359.exe
604	242604145957906.exe
392	242604150012109.exe
4468	242604150026421.exe
2992	242604150038484.exe
4168	242604150049000.exe
2032	242604150059421.exe
4916	242604150110156.exe
2828	242604150121687.exe
1924	242604150144984.exe
3060	242604150154625.exe
4596	242604150205203.exe

Suspicious use of WriteProcessMemory 48 IoCs

description	pid	Process	procid_target
PID 644 wrote to memory of 4196	644	30e2ff276057f496c3430d15d2d4fd60fafcd67ae1d3a1ebfb50e5cb7575611e.exe	93
PID 644 wrote to memory of 4196	644	30e2ff276057f496c3430d15d2d4fd60fafcd67ae1d3a1ebfb50e5cb7575611e.exe	93
PID 4196 wrote to memory of 5004	4196	cmd.exe	94
PID 4196 wrote to memory of 5004	4196	cmd.exe	94
PID 5004 wrote to memory of 464	5004	242604145947359.exe	95
PID 5004 wrote to memory of 464	5004	242604145947359.exe	95
PID 464 wrote to memory of 604	464	cmd.exe	96
PID 464 wrote to memory of 604	464	cmd.exe	96
PID 604 wrote to memory of 388	604	242604145957906.exe	98
PID 604 wrote to memory of 388	604	242604145957906.exe	98
PID 388 wrote to memory of 392	388	cmd.exe	99
PID 388 wrote to memory of 392	388	cmd.exe	99
PID 392 wrote to memory of 4376	392	242604150012109.exe	100
PID 392 wrote to memory of 4376	392	242604150012109.exe	100
PID 4376 wrote to memory of 4468	4376	cmd.exe	101
PID 4376 wrote to memory of 4468	4376	cmd.exe	101
PID 4468 wrote to memory of 4540	4468	242604150026421.exe	102
PID 4468 wrote to memory of 4540	4468	242604150026421.exe	102
PID 4540 wrote to memory of 2992	4540	cmd.exe	103
PID 4540 wrote to memory of 2992	4540	cmd.exe	103
PID 2992 wrote to memory of 924	2992	242604150038484.exe	104
PID 2992 wrote to memory of 924	2992	242604150038484.exe	104
PID 924 wrote to memory of 4168	924	cmd.exe	105
PID 924 wrote to memory of 4168	924	cmd.exe	105
PID 4168 wrote to memory of 3036	4168	242604150049000.exe	106
PID 4168 wrote to memory of 3036	4168	242604150049000.exe	106
PID 3036 wrote to memory of 2032	3036	cmd.exe	107
PID 3036 wrote to memory of 2032	3036	cmd.exe	107
PID 2032 wrote to memory of 4080	2032	242604150059421.exe	108
PID 2032 wrote to memory of 4080	2032	242604150059421.exe	108
PID 4080 wrote to memory of 4916	4080	cmd.exe	109
PID 4080 wrote to memory of 4916	4080	cmd.exe	109
PID 4916 wrote to memory of 1388	4916	242604150110156.exe	110
PID 4916 wrote to memory of 1388	4916	242604150110156.exe	110
PID 1388 wrote to memory of 2828	1388	cmd.exe	111
PID 1388 wrote to memory of 2828	1388	cmd.exe	111
PID 2828 wrote to memory of 2008	2828	242604150121687.exe	112
PID 2828 wrote to memory of 2008	2828	242604150121687.exe	112
PID 2008 wrote to memory of 1924	2008	cmd.exe	113
PID 2008 wrote to memory of 1924	2008	cmd.exe	113
PID 1924 wrote to memory of 3428	1924	242604150144984.exe	114
PID 1924 wrote to memory of 3428	1924	242604150144984.exe	114
PID 3428 wrote to memory of 3060	3428	cmd.exe	115
PID 3428 wrote to memory of 3060	3428	cmd.exe	115
PID 3060 wrote to memory of 4756	3060	242604150154625.exe	116
PID 3060 wrote to memory of 4756	3060	242604150154625.exe	116
PID 4756 wrote to memory of 4596	4756	cmd.exe	117
PID 4756 wrote to memory of 4596	4756	cmd.exe	117

C:\Users\Admin\AppData\Local\Temp\30e2ff276057f496c3430d15d2d4fd60fafcd67ae1d3a1ebfb50e5cb7575611e.exe
"C:\Users\Admin\AppData\Local\Temp\30e2ff276057f496c3430d15d2d4fd60fafcd67ae1d3a1ebfb50e5cb7575611e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604145947359.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4196
- - C:\Users\Admin\AppData\Local\Temp\242604145947359.exe
    C:\Users\Admin\AppData\Local\Temp\242604145947359.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:5004
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604145957906.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:464
    - - C:\Users\Admin\AppData\Local\Temp\242604145957906.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604145957906.exe 000002
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:604
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604150012109.exe 000003
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\242604150012109.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604150012109.exe 000003
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:392
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604150026421.exe 000004
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\242604150026421.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604150026421.exe 000004
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4468
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604150038484.exe 000005
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\242604150038484.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604150038484.exe 000005
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604150049000.exe 000006
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\242604150049000.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604150049000.exe 000006
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4168
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604150059421.exe 000007
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\242604150059421.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604150059421.exe 000007
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604150110156.exe 000008
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\242604150110156.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604150110156.exe 000008
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4916
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604150121687.exe 000009
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\242604150121687.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604150121687.exe 000009
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604150144984.exe 00000a
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\242604150144984.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604150144984.exe 00000a
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1924
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604150154625.exe 00000b
        22⤵
        Suspicious use of WriteProcessMemory
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\242604150154625.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604150154625.exe 00000b
        23⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604150205203.exe 00000c
        24⤵
        Suspicious use of WriteProcessMemory
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\242604150205203.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604150205203.exe 00000c
        25⤵
        Executes dropped EXE
        
        PID:4596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\242604145947359.exe

Filesize
13KB

MD5
25a40509a316b44a5931c47a843c3ee7

SHA1
5812cb990cc7bc4b535ec6a5458cea260d3a9779

SHA256
b686a43a701c744d2fb646027bee46040f5b0882ff67d7db8277e339908120ec

SHA512
e97d6c4faea9239097162558c3bfc223d753d61a22462a02f396e2c7f5dc9ae1913bee0f677c18a0a6d73a280be870da932780ef3211af26d84df7742a81648c

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604145957906.exe

Filesize
13KB

MD5
6ea849a95a2ace750a9f17f2cd7ade57

SHA1
85cfd7160e7563db37489fcde2bace055cf49bcb

SHA256
e59c39ec64f8ea3a59854e0b1250f0a19d1f1145ba9e49560bfaf09107316e3a

SHA512
5bd488648970bd12a4b6c17356624c681af4f95caa0758949af33a78822f60db36d0c48c917d295ad8a94fbd9989d711364d1b29b4bfbc93bff209d6f691f5ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604150012109.exe

Filesize
12KB

MD5
c02844904e8d94cdaef4d186981baf59

SHA1
89d0965b7175f607266f904432046fd81b8c98ba

SHA256
eecdf306a3e23e97322bd0065c8d065a1d0b5e863e0d57736fe79835bd8efcb9

SHA512
9e23568e49c41b49dace1578d451c0b894fa3bde04b3080418d0865bf584e684b2d327bab05e4a426a833acf0c77f5ad76656e6c650e37d365073adc88633247

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604150026421.exe

Filesize
13KB

MD5
3907c34dae1b1321c60b4e98f4be4edb

SHA1
63f3ed54eae0d4bb0c1bcd0b7a00227b047f3b5f

SHA256
2a2a806de846ef4be59a62fd504eec33ed7b81e06f4dbc59d92dd9d7d5d63f51

SHA512
d4a553165ee38551404cd39eb553f7f62de38b906a66539cc6807b5d4eed9be199096a01a93b3a458b4355b983c6fd8ba05f119431cf6e06a33c75fbfdb55847

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604150038484.exe

Filesize
13KB

MD5
2fe28a2268e7369bf50cb60cdae78e7f

SHA1
3be8bad5cb85efca52fda1a9a0aec33d82ba2a1b

SHA256
d497a8aef5c596eb2d0654c6eafd5e35928270b649f6f68cbae1509a28b216d5

SHA512
be9a8fd632ec6a9669cb22fdc28a83ea1910ac0539897490a66d050d0edbf37e54827d6ed64f983e978db7ebe04ef502bd562cc94d6944abff4c49bc7d6398ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604150049000.exe

Filesize
13KB

MD5
e19a3e8b52e776396943f6033b478f80

SHA1
de3c35af8d15fe8ad2d7f4f63c41b457be917502

SHA256
c4ba454dcb44eb261441c47d34c29527a0b6284b8dfbf89ab36418947d57fe9e

SHA512
d9890c7244887231cfa3f5a0b03470184edf68fb4ef67343a31d6b9879a6c33577ce4e633fa8e72b7fa32a79ca2db63151f805f1fedb1ea901757a77ce4ccc4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604150059421.exe

Filesize
13KB

MD5
4b26103b2f052dee2f13ed9f88552e37

SHA1
760940dbad917fbae20d0d4be811e5fb987786ea

SHA256
5d88c7ef2b0f7947b35a018dcddc03d403ac43803eb3efa26a9227a25bd2b348

SHA512
c7ad324ec54a307fad7285ed7653e0ea6994cb8fdb7c1937b81cd0ae2e83a2e6f76267c477b4a71114781971a32a141e4b139ef9f5b59c00279d538503481103

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604150110156.exe

Filesize
12KB

MD5
54a4f21dc4e7cdcff7b159d5594d7aef

SHA1
4bf83b671c2ecf91840f1a1fdb946870a1899abb

SHA256
d9c6d8b14749fe2a3811cb5450f53cf0bb65d1ae934b37807c9b3f3438ab168f

SHA512
5694bd9708c2110d51870742839d2fc581dc65d5d5b9d885d8dfdc1356040099a6980b97d4d1b6d7f13c6595a74ee676a6fa360d2f9b684f9bcd31f17773a5b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604150121687.exe

Filesize
13KB

MD5
d4886d9c71cd6ca49114287e31b769d9

SHA1
184e38bd4500f6d4f7d13a2518bfd3ff2e328dad

SHA256
f95182e991899d11cf895c359ceee85986a7a11d03025006371e9d566b080db2

SHA512
2fe11b9e591c171efe7e2a576c0e0939c62adf944e7458b3d3914864d18332221ae5b3ee497fde02d63ba09790e8a165239168212352ce047ed7d0c5714e0870

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604150144984.exe

Filesize
13KB

MD5
3f8ca93ed8c92b408ff0b10bc64affe4

SHA1
adeffe0e5813c5c458df6e5b1b94fb4840b37c56

SHA256
f83b36f544c184179f543df22796acd4ed98048333769961e69d9fca31c67889

SHA512
fea570bfd56f3aa6368c5e98a1f57cb487e482f99a2e5d10c8df5d128d6e3e130f85e17a0d46b2bcf0dbc6b17740ae763b61bd8e9595345d3d094faccf44f9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604150154625.exe

Filesize
13KB

MD5
9c534ad935b6eb832161130635222cb1

SHA1
2ae26e71983903b3802077f733ba53128bdcc5f4

SHA256
2c2225f6a98faf123a356c792ec3e04f59889407254af486b15db6ba0c82a30d

SHA512
85963a17660c97016a43486e98980ff3cab7ffb660702706b03ab6777d41ee0f47a7372ac9b57de79462850446c95203442ecf815b0afd93c7f5e9eeae0af5e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604150205203.exe

Filesize
12KB

MD5
489873d3ab1ff19960df954c124f1d62

SHA1
a818e2496e83d57c3f3e8eee1ae8d92c89cc3744

SHA256
c4398af8bdf0ccc7d3b0814d234effd4987fc01f1434cdde5f61190b7b8de320

SHA512
3d31b53e38c7af6e98f9d178c55034bf28e39b163230d4646258d0d771540ca3ab8416791bfba6e26e58cfd918fc7d8a1546ba22f2d264a4a74810bdc5906084

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads