7ce992355c8310b93b15dc46bb23e3480748f840cbe1544435e7a341366724a7

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 15:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ce992355c8310b93b15dc46bb23e3480748f840cbe1544435e7a341366724a7.exe
Size

13KB
MD5

8ddecbb38ec82418b1f4155616052546
SHA1

b73ab629531f97a180a317bb5ae9a35a5d38e4e5
SHA256

7ce992355c8310b93b15dc46bb23e3480748f840cbe1544435e7a341366724a7
SHA512

64376f9cd13afa87594a100045e9126350b4711d1d8b35904044b627e98c8f2b17cd1b460043fff78632fe779c8a1ca45b25d7d2b66b352e6e12ce1895b30df3
SSDEEP

192:h6KI16BvefwiSBW6Z+QM/4YNtGcGsBGFNJP1jOlAZjWpsVieTyTEWlJdxqHXaw1x:H/UwiOEfAvxssWlJj+f

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 9 IoCs

pid	Process
4556	242605151625324.exe
3032	242605151635246.exe
3664	242605151647293.exe
4616	242605151658355.exe
3068	242605151720371.exe
3000	242605151730121.exe
4288	242605151740402.exe
3276	242605151808262.exe
5064	242605151831449.exe

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 2568	4968	7ce992355c8310b93b15dc46bb23e3480748f840cbe1544435e7a341366724a7.exe	90
PID 4968 wrote to memory of 2568	4968	7ce992355c8310b93b15dc46bb23e3480748f840cbe1544435e7a341366724a7.exe	90
PID 2568 wrote to memory of 4556	2568	cmd.exe	91
PID 2568 wrote to memory of 4556	2568	cmd.exe	91
PID 4556 wrote to memory of 2564	4556	242605151625324.exe	92
PID 4556 wrote to memory of 2564	4556	242605151625324.exe	92
PID 2564 wrote to memory of 3032	2564	cmd.exe	93
PID 2564 wrote to memory of 3032	2564	cmd.exe	93
PID 3032 wrote to memory of 1116	3032	242605151635246.exe	95
PID 3032 wrote to memory of 1116	3032	242605151635246.exe	95
PID 1116 wrote to memory of 3664	1116	cmd.exe	96
PID 1116 wrote to memory of 3664	1116	cmd.exe	96
PID 3664 wrote to memory of 2220	3664	242605151647293.exe	97
PID 3664 wrote to memory of 2220	3664	242605151647293.exe	97
PID 2220 wrote to memory of 4616	2220	cmd.exe	98
PID 2220 wrote to memory of 4616	2220	cmd.exe	98
PID 4616 wrote to memory of 1388	4616	242605151658355.exe	99
PID 4616 wrote to memory of 1388	4616	242605151658355.exe	99
PID 1388 wrote to memory of 3068	1388	cmd.exe	100
PID 1388 wrote to memory of 3068	1388	cmd.exe	100
PID 3068 wrote to memory of 3420	3068	242605151720371.exe	101
PID 3068 wrote to memory of 3420	3068	242605151720371.exe	101
PID 3420 wrote to memory of 3000	3420	cmd.exe	102
PID 3420 wrote to memory of 3000	3420	cmd.exe	102
PID 3000 wrote to memory of 3608	3000	242605151730121.exe	103
PID 3000 wrote to memory of 3608	3000	242605151730121.exe	103
PID 3608 wrote to memory of 4288	3608	cmd.exe	104
PID 3608 wrote to memory of 4288	3608	cmd.exe	104
PID 4288 wrote to memory of 1636	4288	242605151740402.exe	105
PID 4288 wrote to memory of 1636	4288	242605151740402.exe	105
PID 1636 wrote to memory of 3276	1636	cmd.exe	106
PID 1636 wrote to memory of 3276	1636	cmd.exe	106
PID 3276 wrote to memory of 1628	3276	242605151808262.exe	107
PID 3276 wrote to memory of 1628	3276	242605151808262.exe	107
PID 1628 wrote to memory of 5064	1628	cmd.exe	108
PID 1628 wrote to memory of 5064	1628	cmd.exe	108

C:\Users\Admin\AppData\Local\Temp\7ce992355c8310b93b15dc46bb23e3480748f840cbe1544435e7a341366724a7.exe
"C:\Users\Admin\AppData\Local\Temp\7ce992355c8310b93b15dc46bb23e3480748f840cbe1544435e7a341366724a7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605151625324.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2568
- - C:\Users\Admin\AppData\Local\Temp\242605151625324.exe
    C:\Users\Admin\AppData\Local\Temp\242605151625324.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4556
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605151635246.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\242605151635246.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605151635246.exe 000002
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3032
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605151647293.exe 000003
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\242605151647293.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605151647293.exe 000003
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3664
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605151658355.exe 000004
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\242605151658355.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605151658355.exe 000004
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4616
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605151720371.exe 000005
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\242605151720371.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605151720371.exe 000005
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605151730121.exe 000006
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\242605151730121.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605151730121.exe 000006
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3000
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605151740402.exe 000007
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\242605151740402.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605151740402.exe 000007
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605151808262.exe 000008
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\242605151808262.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605151808262.exe 000008
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3276
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605151831449.exe 000009
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\242605151831449.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605151831449.exe 000009
        19⤵
        Executes dropped EXE
        
        PID:5064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\242605151625324.exe

Filesize
12KB

MD5
82d049cb782834c12f050013e3fd03f6

SHA1
75f3c565cc80da6a34c11aad3b94ee5b33e257b7

SHA256
4f64fd71346a34390fc5e3c5e12aa48bf439c6dbd973e266cf22b900e02b781a

SHA512
2dd254b92659429c9818622281e3e5109a891b7ee8a6927fd843ec4f4aca1558e06bda1b123cd6c2443508b3567be1ac5a3c3bd85df4fede1b169467a52d26bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605151635246.exe

Filesize
13KB

MD5
8dfb3660aa7d4870a522d5789201dada

SHA1
48ca938af7cf8ea64d4878d2e805643973b5ba7a

SHA256
52eb4b2b3a40d821b1c93cdca42f2861bf276461b7f006e98284eb949948ba4c

SHA512
bdd8c6e5bccbaf3859858222bc2fc82cd9eca7e1674fd09de4e5657fa8d29d81f87dc79cc39cef579f8ac44c8d1502c105eed932e700b786890f1dcbf2a21f31

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605151647293.exe

Filesize
13KB

MD5
6ad05fd1bfc51c20883fd91315b7d082

SHA1
9c26d15189290844ccbf0b1b0199c2bc771fff27

SHA256
e1a66fbeb1c4d8c6b1f7db8020fc5b80e7d86dcffab00ed86bf3575edc86336f

SHA512
b237aa64528b6a7dde4810bfd968c781e5c72f571313ae8f2800f4913bf9e75a92b3778893ec7735dbe8cbcf9cfece52c8b70467867aa0e4cc836c78a17c831a

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605151658355.exe

Filesize
13KB

MD5
27d28c7dc0d6b5af0784583ccf847e5e

SHA1
f1a3a7af6117132dceec662f3d512f742de50a2e

SHA256
f589115ca588cc99d092b34622d4bbea1452f12324210b8eb71df6a550e8a03d

SHA512
bfcef4629e0c215d892d49972548cd4e922ab4cf631966c61ea8809a9581939dd405805b05829b05bd30e3cda312f2514689786d0d5a47031fb1f88ab1c6ad56

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605151720371.exe

Filesize
12KB

MD5
03dc7fc5393b93f022329dedd9428fb3

SHA1
1f66a0c7bf54b608a702edd44ad4d4bbb2e9fb79

SHA256
770e6397664066a80ca4a7e71cade8cc488b66375f9062849d62684349d20c5d

SHA512
c94acffc9dc5fad3c8003ad146ab7fd47c4db388c11815e3e9707fda1e3c0b65ba5187e0e3f3c24c57b27e01d1db67e7f293f9367898b1b985f8d1e77fcaf0ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605151730121.exe

Filesize
13KB

MD5
5d399e1744b84955711221d6d9d9d92d

SHA1
19e44dd1da813e2e18112441ee613319713ce2ed

SHA256
5d2060af433f2d8e2089fec0ab2c93e713ab86b948d5664c9b58e2ee2aa1f931

SHA512
8f890eaedf78f4a920e80360ec890ddb2820a643afd2036e9ad018493bb8fe43064849961ce8fb183a58eabd4a0243b7ebfd29e76e5891ea5056c5101bb63485

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605151740402.exe

Filesize
12KB

MD5
257e23b6e3209af15c70837ed1054868

SHA1
34dc94c1c09d824c8d263f630ce814ce0c88e1b6

SHA256
c40f883ab5644cc6aacd6750ec18228b45e331f7d2738405b67fa58d4d39679a

SHA512
bbeb31fe02f830c1f01d91a4d66404aeb231f00c3d098349eae17b87bf34a2b0b165ace8baeb595397d00fefb4e379c78247e388c9384243eb615eb93ce4d639

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605151808262.exe

Filesize
13KB

MD5
57942accaf0a37e0a0427b18913959c3

SHA1
952dd662715d377d66df26f5b6300578866b8766

SHA256
fdc293ab2ef6625e25a0323ccb8e8aa4d81b7a16e50fc45ab1b26d3b9261741d

SHA512
c4f884d4b02ed314d9ca6cffe878f6a3a53b1851be122a2d643cf86a35d54115c10af8aa065ae67664f280f68c5d0c7dddebfbdbfe7b2074fae806a541a1b28c

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605151831449.exe

Filesize
13KB

MD5
9cb982a5c0de2342939dc9b558bef578

SHA1
c6a4126703bdbf0e3abdb440b03ad9205c7a4a2e

SHA256
7f8007ddeadadda807b7f4ab1af7837d675b9a893d14dcb2166a40164051270b

SHA512
80f92cfb838dc938ebaed9d356cc0c961212844b44ab6e84e14bfdd234595635ac7acdb26489d6d7ef3945b3ca30eac298152e5455964eb43e62885cff1916a4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads