09a24a16508b9d1f45871f1fe13106fdba39ff056b2fed56892fde0d2fa9dfc2

Analysis

max time kernel
140s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e714d523a8db7665339db751a5742ecc8819799fd20946a5bd5ae190e5a0ee9c.exe
Size

13KB
MD5

c9cd999870167193c21619693dc3eabf
SHA1

8a92713aed49985198502811c88fd2f9616c9357
SHA256

e714d523a8db7665339db751a5742ecc8819799fd20946a5bd5ae190e5a0ee9c
SHA512

5ecdc76a9ee8b0742e3b255a639abeb85a3393e8bedf27a9c3e266754fb50d8b3a1e9b5ef5484b5f56fb37b2fa2a565d8f5120fcc69951b23db9281e26a0f6de
SSDEEP

192:g6KI16Bvet/iSpW6Z+QM/4YNtGcGsBGFNJP1GrlAp7tpEdiMGWlJdxqHbr321x:y/q/iGEfAvcUjWlJj+U

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 10 IoCs

pid	Process
3528	242605030804343.exe
408	242605030816061.exe
3764	242605030827702.exe
1304	242605030843483.exe
4412	242605030857905.exe
464	242605030911639.exe
3540	242605030926233.exe
436	242605030940311.exe
4016	242605030953561.exe
1580	242605031007718.exe

Suspicious use of WriteProcessMemory 40 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 3100	2524	e714d523a8db7665339db751a5742ecc8819799fd20946a5bd5ae190e5a0ee9c.exe	92
PID 2524 wrote to memory of 3100	2524	e714d523a8db7665339db751a5742ecc8819799fd20946a5bd5ae190e5a0ee9c.exe	92
PID 3100 wrote to memory of 3528	3100	cmd.exe	93
PID 3100 wrote to memory of 3528	3100	cmd.exe	93
PID 3528 wrote to memory of 2936	3528	242605030804343.exe	94
PID 3528 wrote to memory of 2936	3528	242605030804343.exe	94
PID 2936 wrote to memory of 408	2936	cmd.exe	95
PID 2936 wrote to memory of 408	2936	cmd.exe	95
PID 408 wrote to memory of 4756	408	242605030816061.exe	97
PID 408 wrote to memory of 4756	408	242605030816061.exe	97
PID 4756 wrote to memory of 3764	4756	cmd.exe	98
PID 4756 wrote to memory of 3764	4756	cmd.exe	98
PID 3764 wrote to memory of 4700	3764	242605030827702.exe	99
PID 3764 wrote to memory of 4700	3764	242605030827702.exe	99
PID 4700 wrote to memory of 1304	4700	cmd.exe	100
PID 4700 wrote to memory of 1304	4700	cmd.exe	100
PID 1304 wrote to memory of 4912	1304	242605030843483.exe	101
PID 1304 wrote to memory of 4912	1304	242605030843483.exe	101
PID 4912 wrote to memory of 4412	4912	cmd.exe	102
PID 4912 wrote to memory of 4412	4912	cmd.exe	102
PID 4412 wrote to memory of 1808	4412	242605030857905.exe	103
PID 4412 wrote to memory of 1808	4412	242605030857905.exe	103
PID 1808 wrote to memory of 464	1808	cmd.exe	104
PID 1808 wrote to memory of 464	1808	cmd.exe	104
PID 464 wrote to memory of 5032	464	242605030911639.exe	105
PID 464 wrote to memory of 5032	464	242605030911639.exe	105
PID 5032 wrote to memory of 3540	5032	cmd.exe	106
PID 5032 wrote to memory of 3540	5032	cmd.exe	106
PID 3540 wrote to memory of 3788	3540	242605030926233.exe	107
PID 3540 wrote to memory of 3788	3540	242605030926233.exe	107
PID 3788 wrote to memory of 436	3788	cmd.exe	108
PID 3788 wrote to memory of 436	3788	cmd.exe	108
PID 436 wrote to memory of 1592	436	242605030940311.exe	109
PID 436 wrote to memory of 1592	436	242605030940311.exe	109
PID 1592 wrote to memory of 4016	1592	cmd.exe	110
PID 1592 wrote to memory of 4016	1592	cmd.exe	110
PID 4016 wrote to memory of 2040	4016	242605030953561.exe	111
PID 4016 wrote to memory of 2040	4016	242605030953561.exe	111
PID 2040 wrote to memory of 1580	2040	cmd.exe	112
PID 2040 wrote to memory of 1580	2040	cmd.exe	112

C:\Users\Admin\AppData\Local\Temp\e714d523a8db7665339db751a5742ecc8819799fd20946a5bd5ae190e5a0ee9c.exe
"C:\Users\Admin\AppData\Local\Temp\e714d523a8db7665339db751a5742ecc8819799fd20946a5bd5ae190e5a0ee9c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605030804343.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3100
- - C:\Users\Admin\AppData\Local\Temp\242605030804343.exe
    C:\Users\Admin\AppData\Local\Temp\242605030804343.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3528
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605030816061.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\242605030816061.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605030816061.exe 000002
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:408
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605030827702.exe 000003
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\242605030827702.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605030827702.exe 000003
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3764
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605030843483.exe 000004
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\242605030843483.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605030843483.exe 000004
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605030857905.exe 000005
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\242605030857905.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605030857905.exe 000005
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605030911639.exe 000006
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\242605030911639.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605030911639.exe 000006
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:464
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605030926233.exe 000007
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\242605030926233.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605030926233.exe 000007
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3540
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605030940311.exe 000008
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\242605030940311.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605030940311.exe 000008
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:436
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605030953561.exe 000009
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\242605030953561.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605030953561.exe 000009
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4016
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605031007718.exe 00000a
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\242605031007718.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605031007718.exe 00000a
        21⤵
        Executes dropped EXE
        
        PID:1580
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605031019561.exe 00000b
        22⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\242605031019561.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605031019561.exe 00000b
        23⤵
        
        PID:3240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\242605030804343.exe

Filesize
12KB

MD5
de7f872b9d5a8764739fad5dda57838b

SHA1
5ceb433e58deef433cdffa86b67c244e5b67e6b1

SHA256
2ec0b7259465ba7ebbb9c0b387bd9772faea7f196c1c0e0ea83c23def7334191

SHA512
169dcaf21b73f72664b22b8358b1a9f9426d1387d18735b7ffb77804ec59e97b398d3cc6c7551db5ae147f65531a0268d7761d484288f5b3aa31866f1c8aaba9

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605030816061.exe

Filesize
13KB

MD5
25db4e9a78b8f8a67fb4a5edfab0e0a9

SHA1
5083419f3a38b2dd067ddae1aacaea9378d865ab

SHA256
e98462f7b1109ad969b4463df1816d95e934b2d37326ea0929aa601cfd1bbc37

SHA512
ee954885442994192d75fa1b2e99bc16a4aca0b9239c683952683d0e3dff6de73c98db7ef919aa17060715e43864c04a36e7b651761aab83a8a769355a955d9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605030827702.exe

Filesize
12KB

MD5
9a10512f4f0e1f896c45369c4fd77628

SHA1
fb6f36502b3232007597309a4b39ea10432d0c23

SHA256
9fb86292a0d489da8ff1af2712acdc18298761f79f75080da1fd9430b34cfef7

SHA512
a69125e56384509a17143de47fda57e834e34cba4f049e4e1e6b9365c277f36b37580b4ae4ee17ab9d02603670cbeb8476563b0967d1f1acaafc5b469d309723

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605030843483.exe

Filesize
13KB

MD5
88a9c317a7ed239d6bef9fc7fc862bfa

SHA1
ea4bed4dc917385294f0a459c4a05505710b60f7

SHA256
7e813d582e4ef0af96b7a8b21ae1e7f6c3a371b94b8652a0f2426706a0686dda

SHA512
ae35fe140f0d7346a90cd1402b9431bb81e143cb109de866352aefa2c5cdec4d0eb88d2291aee9314bed9d86c3002cece8d80348f386c3daabf87ac06f475fa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605030857905.exe

Filesize
12KB

MD5
3cefe5b480ecc678451d3002d3b4b609

SHA1
799365b1e99c2adb481545e8f36a059253d7cd7a

SHA256
561e4c969590ea302bf8a288c062bd2071d007bfebda7a4634c620e2e89a4471

SHA512
8a069fae39bf5400862d801c0d83ac7bf8e4ece653a248e90cd0551bf7242903e3bce29260c16910558b33750889281be7e1dfc8a7e518c870e560ef7b36075f

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605030911639.exe

Filesize
13KB

MD5
a15c89822d7f2408082bc8964cfbb450

SHA1
86ce88a76c9dec9152e668e6b45bf44efb1d34c0

SHA256
3896a90ab77ad22dee35ca7665a590dda354b4aa0e31fe1e65fe162556b84da2

SHA512
20b344347845dd18541b2f9b384e24bb3417300cc3790b743e758567580d4a2e44e58dcbab44e8bef0439e99e0d2a88e4bc23f488ad59754bdb45495b6cf5341

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605030926233.exe

Filesize
14KB

MD5
54c5d4004ce672c8b90749f330eeed0a

SHA1
d882e58a76824b462f2a3536b6923b5ab8360c07

SHA256
8d0772728da999573251d82aeaa498bbe30cd8e1fe02498d4e260f543c1b61bc

SHA512
5e7f1489f4663b1e868f1571904d87912076b7e4338ba58702dc332daac130bcdfad5734c0eba712344f50167800b97bbcb0934e341269c3be3534f49dcae4ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605030940311.exe

Filesize
13KB

MD5
13c49a8cdab7b9e5a97898a4db8fa3b0

SHA1
c0aff22d23fedf679c81b7dd362dd495dc11618e

SHA256
0caee13e1cecfb33686f111d120f90e15b4fab59b400dd1f93080cbaa624003f

SHA512
b71a3be563c566e80c1e0d7dccc97b832e8814057cb724057c4b9c9114069ae3883d770c4011d14a6dec02ad361c81319c5fca38af1d504b5ae056825676fbd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605030953561.exe

Filesize
12KB

MD5
c254f72a0a918bce6be01557c938e243

SHA1
cd8a4c819cdbe92377aea7f4b03315e757de5a3a

SHA256
d4f4f07d65d5449493ad50345d15ea1eb862e317ff0e14adbf492e4a1ce5a448

SHA512
0c8216bda88caec5944ec86e32438af83a36f007bfeee7eb71ea65b3410df987588258f534c2db71ab3010f58e0e79e562ade8e0b7872a9c2b795e73e07db127

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605031007718.exe

Filesize
13KB

MD5
ec3adee5f29f7c30e15a869cf66c0451

SHA1
9e0f88214007713fedb88ffd29e8cb8a5aebc866

SHA256
b6a1089fd0db5411ef7d350c3505f4b8b9a06818ef9e8630d8025db7c6aa14fd

SHA512
eb386e8e17d5a2273c6c82e28c7f3b3d0185db04bfc0d9b5b0891f0e1f57c8c8f09c5e51857351367a275b7abebb7e8e63581f377358c349786365699d8f106e

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605031019561.exe

Filesize
12KB

MD5
3f0bf9988c9680ac3dd66665e4ff1fc7

SHA1
61b4b1abeacab150acab56749a89f6872976bcbc

SHA256
a012b996ececcfcf4339448a8e6ef5079d60c4a8fc1a34eedddfd5400a9a0171

SHA512
5fc7be84bf5353651a301c1b5213fa98ee5587031bbc53f441c4b2f1a61f9508e9aec0288ba6e599f26dbff02d932bce13a09bcf7ddb34fd867d0a38bdea749b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads