d11e998a5ef73fd383f0c551ff5ed6efbde0ce5a88dd1266797046f4e5dfc37b

Analysis

max time kernel
150s
max time network
157s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
07-06-2024 06:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d11e998a5ef73fd383f0c551ff5ed6efbde0ce5a88dd1266797046f4e5dfc37b.exe
Size

12KB
MD5

1fb3563713730ecf525db0415f2fce77
SHA1

534dd1e2de2bd67fdb26b1258ae2eb43ee14c040
SHA256

d11e998a5ef73fd383f0c551ff5ed6efbde0ce5a88dd1266797046f4e5dfc37b
SHA512

f57d9cb96291ff4c2d1a33b972cf301efa6c8a9bc1d355d39831c79be00ccda4724539487b4f385691fd76cef456351c89b8002404d77e716b4e3b383c6f29ef
SSDEEP

192:u2KI16BD1TkVHzM96o+zv/vYgt3CTnx0bkPxjNqWKBQJVpgkWlJdxqHs1x:gJ1mHYfnq2DJfgkWlJj+2

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 7 IoCs

pid	Process
1356	242607062209350.exe
1248	242607062255990.exe
1056	242607062311350.exe
2832	242607062323334.exe
3180	242607062337037.exe
1060	242607062409850.exe
1524	242607062423631.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 3640 wrote to memory of 4408	3640	d11e998a5ef73fd383f0c551ff5ed6efbde0ce5a88dd1266797046f4e5dfc37b.exe	77
PID 3640 wrote to memory of 4408	3640	d11e998a5ef73fd383f0c551ff5ed6efbde0ce5a88dd1266797046f4e5dfc37b.exe	77
PID 4408 wrote to memory of 1356	4408	cmd.exe	78
PID 4408 wrote to memory of 1356	4408	cmd.exe	78
PID 1356 wrote to memory of 1128	1356	242607062209350.exe	79
PID 1356 wrote to memory of 1128	1356	242607062209350.exe	79
PID 1128 wrote to memory of 1248	1128	cmd.exe	80
PID 1128 wrote to memory of 1248	1128	cmd.exe	80
PID 1248 wrote to memory of 1688	1248	242607062255990.exe	81
PID 1248 wrote to memory of 1688	1248	242607062255990.exe	81
PID 1688 wrote to memory of 1056	1688	cmd.exe	82
PID 1688 wrote to memory of 1056	1688	cmd.exe	82
PID 1056 wrote to memory of 1932	1056	242607062311350.exe	83
PID 1056 wrote to memory of 1932	1056	242607062311350.exe	83
PID 1932 wrote to memory of 2832	1932	cmd.exe	84
PID 1932 wrote to memory of 2832	1932	cmd.exe	84
PID 2832 wrote to memory of 2740	2832	242607062323334.exe	85
PID 2832 wrote to memory of 2740	2832	242607062323334.exe	85
PID 2740 wrote to memory of 3180	2740	cmd.exe	86
PID 2740 wrote to memory of 3180	2740	cmd.exe	86
PID 3180 wrote to memory of 596	3180	242607062337037.exe	87
PID 3180 wrote to memory of 596	3180	242607062337037.exe	87
PID 596 wrote to memory of 1060	596	cmd.exe	88
PID 596 wrote to memory of 1060	596	cmd.exe	88
PID 1060 wrote to memory of 2568	1060	242607062409850.exe	89
PID 1060 wrote to memory of 2568	1060	242607062409850.exe	89
PID 2568 wrote to memory of 1524	2568	cmd.exe	90
PID 2568 wrote to memory of 1524	2568	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\d11e998a5ef73fd383f0c551ff5ed6efbde0ce5a88dd1266797046f4e5dfc37b.exe
"C:\Users\Admin\AppData\Local\Temp\d11e998a5ef73fd383f0c551ff5ed6efbde0ce5a88dd1266797046f4e5dfc37b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607062209350.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4408
- - C:\Users\Admin\AppData\Local\Temp\242607062209350.exe
    C:\Users\Admin\AppData\Local\Temp\242607062209350.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1356
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607062255990.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1128
    - - C:\Users\Admin\AppData\Local\Temp\242607062255990.exe
        
        C:\Users\Admin\AppData\Local\Temp\242607062255990.exe 000002
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1248
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607062311350.exe 000003
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\242607062311350.exe
        
        C:\Users\Admin\AppData\Local\Temp\242607062311350.exe 000003
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1056
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607062323334.exe 000004
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\242607062323334.exe
        
        C:\Users\Admin\AppData\Local\Temp\242607062323334.exe 000004
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607062337037.exe 000005
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\242607062337037.exe
        
        C:\Users\Admin\AppData\Local\Temp\242607062337037.exe 000005
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3180
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607062409850.exe 000006
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\242607062409850.exe
        
        C:\Users\Admin\AppData\Local\Temp\242607062409850.exe 000006
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607062423631.exe 000007
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\242607062423631.exe
        
        C:\Users\Admin\AppData\Local\Temp\242607062423631.exe 000007
        15⤵
        Executes dropped EXE
        
        PID:1524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\242607062209350.exe

Filesize
13KB

MD5
bbb171cbeaa1ba3a8425578229501be9

SHA1
8501afc6bb3059d8dbc266552862c71a7df5336f

SHA256
4ccf1999072c16277ffcc07ed68c375929b3fdb960fc9b63bfba984c71005d11

SHA512
f5b2a478fe21bfe5725f0f1654bb4b81385d50e32cb70225aa31f423e1ef19d110722d7ac9f34435f65a72f7d193f4f17c82191f83548aa02af2a57bd40b635e

Download Submit
C:\Users\Admin\AppData\Local\Temp\242607062255990.exe

Filesize
12KB

MD5
80b263f7f1928dfc9f0e41adf22a99da

SHA1
062fcc3b3306da5a370c6e0197a7ecf1cf2e61d6

SHA256
0ccdcbd3469e1fb89dc13d8fec9d259bbd1205500f363232315d480049bc65ea

SHA512
fe1a2f0a48293a3d5a02ac7d85aea3458a42bb1b3060441470ade807d6cc8bb5aac80e128b651d0a7a0181b1de8f6dafa5bb1eb2045ff2b6f5a4d3c9de1d9252

Download Submit
C:\Users\Admin\AppData\Local\Temp\242607062311350.exe

Filesize
13KB

MD5
02663a8f55db9b4c4c3d40d8b75e3dcb

SHA1
a5d39d0c3adbcc4eef4633dcb64b1474228daa93

SHA256
7cac00335923ce215c73ba061407698a9f458e56dc2310baeb167477ff0b2598

SHA512
2f0b5a45a16fea13f9f95b9d9cba0d9ca052cd48f9e8fd3e58d206d45974a3e35e64d32a8a8e59f5e50423049a11e0bfdccd7df710f6c4e11177702176db941f

Download Submit
C:\Users\Admin\AppData\Local\Temp\242607062323334.exe

Filesize
13KB

MD5
5f588229bf87b61142ef4e9e8ea0e234

SHA1
a47c417dcffe484d456e41c67080186201380c95

SHA256
a7b00928eb9d62083cab6e8271d4894997a571f994e00a32cfbea451ffe4e2fe

SHA512
824616d5572dbd2264200137e5c0f5e73cb850352dce4de53ae8c48df8cff5a4805e368921cf326596ae2a7c777ab78d46d4594b51099727dc5298c33843b80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\242607062337037.exe

Filesize
13KB

MD5
94a3a7f0a0b0b9b1f1c3434c606e8514

SHA1
d56a7b7c60aa9aedb4435647d3c26a5e3c6e69fa

SHA256
91937c6ced6bad97ba2b936423c85e8e03a2839b27c215779d0fdf9915966bc2

SHA512
06b7ab6e256aeb5a228809ec7c43e688de5109f6a1eb6140205416cac2847a57de16ca7dc8e461bd641e9a68030cde2642795a5f5b7aecf0b16ea744311e3441

Download Submit
C:\Users\Admin\AppData\Local\Temp\242607062409850.exe

Filesize
13KB

MD5
3c52c1b11188815ca613ca67a28f07ab

SHA1
126ff17b7ab8fac7c1b800f8646b048da3bafce5

SHA256
1f080207bf0d77f169f9641b03600c3168a334a1c13741bab24d742237bd001f

SHA512
82004354bb93090bfdb7d9a7aa2aa72e2c451477659bbff1ab67861a0902d23b943adb8c670665881a679b0c1d566b910a043aaaee4fd05d1f5b5d639a0f3fc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\242607062423631.exe

Filesize
13KB

MD5
64a66164caa6ca218778d1e0552ab247

SHA1
2dd0d2f8707e43e3872b0ed9df78dcabc489723b

SHA256
d77f71c316e6ac7cbd34360036d1cbcf967711e85f2aa092c3655ca2bc79ed33

SHA512
b387ba14a71b4059c0a26f2693652417e79b61cd482e98beb5b56ad2e9b4cb2cbe54203ea3751989771feba4575cd67b667a541c00fbfed3377b2f80a5182124

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads