083efc1259395ec2cef035def44d9faa5e4099148c915c8800328cd6e2e8b369

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

083efc1259395ec2cef035def44d9faa5e4099148c915c8800328cd6e2e8b369.exe
Size

12KB
MD5

5d4208ea872113af295bcafbd3f58e0f
SHA1

95cab695dfea922b07bad103747d4b195f48c348
SHA256

083efc1259395ec2cef035def44d9faa5e4099148c915c8800328cd6e2e8b369
SHA512

a6f253be2e6990a8fe7c447a1c67ad2d4aeae51a0fad3f6e16093d6fcfb023b679f547e3850afc6f12bfcfbd28d688859613ed3659a8ad5c5ce2a14eca5a84cc
SSDEEP

192:E58V+I1yMk6B8F6s5Mi1KVtwxjgMOO6ksoPAYtp9Q4k05mi+4WlJdxqHt+1xdA:Edok6uB8fkscdkZi+4WlJj+S0

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 10 IoCs

pid	Process
3612	242604182541358.exe
3564	242604182551905.exe
1852	242604182602343.exe
2108	242604182614593.exe
5668	242604182626952.exe
736	242604182639280.exe
6108	242604182652186.exe
5524	242604182704390.exe
4548	242604182723202.exe
5040	242604182744233.exe

Suspicious use of WriteProcessMemory 40 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 740	2816	083efc1259395ec2cef035def44d9faa5e4099148c915c8800328cd6e2e8b369.exe	92
PID 2816 wrote to memory of 740	2816	083efc1259395ec2cef035def44d9faa5e4099148c915c8800328cd6e2e8b369.exe	92
PID 740 wrote to memory of 3612	740	cmd.exe	93
PID 740 wrote to memory of 3612	740	cmd.exe	93
PID 3612 wrote to memory of 4376	3612	242604182541358.exe	94
PID 3612 wrote to memory of 4376	3612	242604182541358.exe	94
PID 4376 wrote to memory of 3564	4376	cmd.exe	95
PID 4376 wrote to memory of 3564	4376	cmd.exe	95
PID 3564 wrote to memory of 3268	3564	242604182551905.exe	97
PID 3564 wrote to memory of 3268	3564	242604182551905.exe	97
PID 3268 wrote to memory of 1852	3268	cmd.exe	98
PID 3268 wrote to memory of 1852	3268	cmd.exe	98
PID 1852 wrote to memory of 2436	1852	242604182602343.exe	99
PID 1852 wrote to memory of 2436	1852	242604182602343.exe	99
PID 2436 wrote to memory of 2108	2436	cmd.exe	100
PID 2436 wrote to memory of 2108	2436	cmd.exe	100
PID 2108 wrote to memory of 2572	2108	242604182614593.exe	101
PID 2108 wrote to memory of 2572	2108	242604182614593.exe	101
PID 2572 wrote to memory of 5668	2572	cmd.exe	102
PID 2572 wrote to memory of 5668	2572	cmd.exe	102
PID 5668 wrote to memory of 632	5668	242604182626952.exe	103
PID 5668 wrote to memory of 632	5668	242604182626952.exe	103
PID 632 wrote to memory of 736	632	cmd.exe	104
PID 632 wrote to memory of 736	632	cmd.exe	104
PID 736 wrote to memory of 5636	736	242604182639280.exe	105
PID 736 wrote to memory of 5636	736	242604182639280.exe	105
PID 5636 wrote to memory of 6108	5636	cmd.exe	106
PID 5636 wrote to memory of 6108	5636	cmd.exe	106
PID 6108 wrote to memory of 5144	6108	242604182652186.exe	107
PID 6108 wrote to memory of 5144	6108	242604182652186.exe	107
PID 5144 wrote to memory of 5524	5144	cmd.exe	108
PID 5144 wrote to memory of 5524	5144	cmd.exe	108
PID 5524 wrote to memory of 4072	5524	242604182704390.exe	109
PID 5524 wrote to memory of 4072	5524	242604182704390.exe	109
PID 4072 wrote to memory of 4548	4072	cmd.exe	110
PID 4072 wrote to memory of 4548	4072	cmd.exe	110
PID 4548 wrote to memory of 4616	4548	242604182723202.exe	111
PID 4548 wrote to memory of 4616	4548	242604182723202.exe	111
PID 4616 wrote to memory of 5040	4616	cmd.exe	112
PID 4616 wrote to memory of 5040	4616	cmd.exe	112

C:\Users\Admin\AppData\Local\Temp\083efc1259395ec2cef035def44d9faa5e4099148c915c8800328cd6e2e8b369.exe
"C:\Users\Admin\AppData\Local\Temp\083efc1259395ec2cef035def44d9faa5e4099148c915c8800328cd6e2e8b369.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604182541358.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:740
- - C:\Users\Admin\AppData\Local\Temp\242604182541358.exe
    C:\Users\Admin\AppData\Local\Temp\242604182541358.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3612
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604182551905.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\242604182551905.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604182551905.exe 000002
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3564
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604182602343.exe 000003
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\242604182602343.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604182602343.exe 000003
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1852
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604182614593.exe 000004
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\242604182614593.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604182614593.exe 000004
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604182626952.exe 000005
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\242604182626952.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604182626952.exe 000005
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5668
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604182639280.exe 000006
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\242604182639280.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604182639280.exe 000006
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:736
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604182652186.exe 000007
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\242604182652186.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604182652186.exe 000007
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:6108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604182704390.exe 000008
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\242604182704390.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604182704390.exe 000008
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5524
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604182723202.exe 000009
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\242604182723202.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604182723202.exe 000009
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604182744233.exe 00000a
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\242604182744233.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604182744233.exe 00000a
        21⤵
        Executes dropped EXE
        
        PID:5040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\242604182541358.exe

Filesize
12KB

MD5
708a1ab018d96ea3445820583f773bc9

SHA1
857f7e7af0053310b62a8f4917ac547056490f12

SHA256
2f375096c00e14cd54a1239849fadb74ce4048503aa54eb6ac93d51606dabefb

SHA512
0d906ab8895440ba4206e08967fdddd2d66de02b157baae7db60bfe79e1309a184dd87faeefd84aed8e15a5b4a7385207725a32910336148c4b438f888983b61

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604182551905.exe

Filesize
12KB

MD5
86cdee15ee79cdba811afce01c393975

SHA1
a29f8489233ec488ad31c29c4a0427d00a7cb215

SHA256
a082a1c3da69d515cf8f00c0e8e2c5471bba2afb9c0e9e1a3171718a11e842b3

SHA512
49f6951931faab45b0a6b44623f80d5b9f1d17dbc03580326ab71e4ddde721f7e65ed47fb649f80b75e6e92c2c0c3fd0c2f58d84946a476c1adc4578e672a9ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604182602343.exe

Filesize
13KB

MD5
1c2fecb10d620f819ab82482d6318bca

SHA1
34f8fb10249a6a704e64f96c660f20157169e8ff

SHA256
d1bc45e773d54432a28277fbe8e79139a090c4b2547f8f12f75f9e40d02758fb

SHA512
a74b2fe7ced46eb6d1366794ff2bc761ef199987d6e84d338ca82f6d8c2c577f08a12ec08992a72dab0257f5c5aa81b979b157f135928adf467f026ef9a5b98e

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604182614593.exe

Filesize
12KB

MD5
a64699ba7037cfae0e461304393a76d0

SHA1
c6b9133653f5d8fdc825870f247dc3372f3f3053

SHA256
f0a8ab3e3b16274baaeeb89d045fa59d91cc36fe74e5cb25ca96a118067fc805

SHA512
9ec8f799943be7df0435b2d357912b34dc1e18ce91407f515acd45dce9b47983c45c3c384dc885f1b18b24a68257233979e8760643fefc6790571fda26c402cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604182626952.exe

Filesize
12KB

MD5
5c4690bae0865ae975cd70710fde90d5

SHA1
9d3ddac6de68dfbbc2495ab1321accea9896402b

SHA256
c938bb72b39d25e3081c3fe5d5d26c95f657fbd2a166378cc537d8e03e6614c5

SHA512
03603e1b12d0d45034344928ba96f150217980ef12fd7caca41140942ff3e53e89eae165bc1df71330aa778a5f8383888c9ba39a75b6db48f5410f3bd694bc9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604182639280.exe

Filesize
13KB

MD5
cafa9d49e2d78285d39113b77ee75f5b

SHA1
09d0ed6581cff960d896728815e92d21bb8b3b65

SHA256
4c99c441dee1d9432481745e7366b3b49884717d60937d6401c1d2882d2c002e

SHA512
d2047e8de65be2067046a8cdf4a57ca1f7be0b341d8bf1f2249cb4bc9ca55c7079c69f9e81366e009fc854c25ce383149d5362573c214b3ef8d64563d4bd79d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604182652186.exe

Filesize
12KB

MD5
cd1ddb14b06f247a0697fecb7644fcbf

SHA1
0443e11123cefb0754c14119d90fd5ed31800832

SHA256
a14e40e3e98a0e69f2b60243f88b2cdafd772982c9b0f941013828980b753391

SHA512
c3d05c0b2cc5b76f69fd6866876342c312aaa19bcec10dcaec26a319d37efab8f16673ea30b568fdd815f51e3b725a5311e46a841b505a23c027544bfad63fcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604182704390.exe

Filesize
13KB

MD5
00a80f677b76a6334e49f0e9daa002e4

SHA1
a9bd2911140a631c2de045282a79774924792c79

SHA256
8b7b702f0d82d8a99821dd22b9cce364a91d57116d4bdd00ff5fadef427f5872

SHA512
af6dedc8b2cdaff8515834c04a6a1dab40e7ec5d0ec08d741a8f78484dc8d36fbbe009a4fb91c30180083775649b2f148c1481c5a86170cb82099085fa21056b

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604182723202.exe

Filesize
13KB

MD5
a288ee24333d6dc895e61d1da7392ddf

SHA1
66d15624f78901e1a808a759e3de69e608bb7fb5

SHA256
7d8637d6e925e0a2451cbde1ebcdd9499de0e194e2860dbd835c27a4a8a8551b

SHA512
37796de469d0694d1379a3308ddca2499f9b05751053c1aa813e59b8316c58833efd876d62c601929fa84d946e932868a2d9ff0f1601162176fe40ca9e5f7e28

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604182744233.exe

Filesize
12KB

MD5
46532fe523d739ff7afd54616c51c94f

SHA1
c8f789c6e43528c3064b62f81ae8dc8d9547145d

SHA256
2988628309ee8e61069d95fbfaaa157e4706700693da03e10b5222e504e1412d

SHA512
eae258a71817ae3eb5e1bf95c04f5ba3749799876967bfea1c3c20c97f0da58cda934f3d553fa98fb26cc4d960e57c29e51a69aded4524aa2cdfdde33c2acf34

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads