Analysis

  • max time kernel
    141s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07-06-2024 06:23

General

  • Target

    60b95308145688e51da9dbf263117556ed21e66406b7fff4515d29f88a230ffa.exe

  • Size

    12KB

  • MD5

    7c27e24d5906da948cb89561a9af9dd7

  • SHA1

    8c705a37c5047eb9f8e02c5c048d2235add2f2bb

  • SHA256

    60b95308145688e51da9dbf263117556ed21e66406b7fff4515d29f88a230ffa

  • SHA512

    49eb366f5583fd932dad19136b0a69b33d29d099e0e477233c9c49e07ceae6e8af6ac1b9281127e6c6683e4dd0c6518be479e301ea88bb284b36505c7dda60bf

  • SSDEEP

    192:7TmqI1c6qHT7AN684TOh3egBB8zGCag8wP+gx3yS8zgmwGLpzWlJdxqHBz1x:NVHPAzeajRgxCpU4LpzWlJj+P

Score
8/10

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE (3 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\60b95308145688e51da9dbf263117556ed21e66406b7fff4515d29f88a230ffa.exe
    "C:\Users\Admin\AppData\Local\Temp\60b95308145688e51da9dbf263117556ed21e66406b7fff4515d29f88a230ffa.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:952
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607062331407.exe 000001
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2624
      • C:\Users\Admin\AppData\Local\Temp\242607062331407.exe
        C:\Users\Admin\AppData\Local\Temp\242607062331407.exe 000001
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:2428
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607062418642.exe 000002
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:4484
          • C:\Users\Admin\AppData\Local\Temp\242607062418642.exe
            C:\Users\Admin\AppData\Local\Temp\242607062418642.exe 000002
            5⤵
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:1452
            • C:\Windows\system32\cmd.exe
              C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607062428767.exe 000003
              6⤵
              • Suspicious use of WriteProcessMemory
              PID:4580
              • C:\Users\Admin\AppData\Local\Temp\242607062428767.exe
                C:\Users\Admin\AppData\Local\Temp\242607062428767.exe 000003
                7⤵
                • Executes dropped EXE
                PID:2516

Downloads

  • C:\Users\Admin\AppData\Local\Temp\242607062331407.exe

    Filesize

    13KB

    MD5

    d5eefe157c4d382a34941b3011da791f

    SHA1

    a962720bdf4a5ae47847f041077c9b80d97283be

    SHA256

    fa2e24c6d7e06d739e24a91e9ecea207a85c00d00185c9c0b9b62835635b2fc4

    SHA512

    0de2cd9f1ff5165003e0f013fbdf1c749f9c4c47eee7571caee0568b0b936e5cbf0faa3c05a511cb3685c29fc060afdb743c6701e687623ff10391295e9c99b3

  • C:\Users\Admin\AppData\Local\Temp\242607062418642.exe

    Filesize

    13KB

    MD5

    66a659e4575077663e01f2430c7e71ee

    SHA1

    fa15ccb8ba931780e62e64cdd30e78ec1a29e4d9

    SHA256

    a5b4eb71214bb44b7cce03308a1844898dd4e4a9e3acb953b80b1c684cebfdf7

    SHA512

    4c1eb88628b432da5c58f7698cac5723de0e1ea96dbd0b9177c8f142c2b48a1a122f0391f8053fd57cb5a6f11c35ac3e334aa6d3e25c074aa16c1ba58abfb390

  • C:\Users\Admin\AppData\Local\Temp\242607062428767.exe

    Filesize

    14KB

    MD5

    35d1d88c43c4b6c82b1f0ab54048c622

    SHA1

    ac1bd1640bd4b108c11eb28d17038d1310ff3a73

    SHA256

    02867ac446a075701a4cbeeb30cc93920978aec2d072295dd455a7bf74b900bb

    SHA512

    d7157e441aa38fc7dceb05f3a00e6973d2720f59fdf35f2323f987f4a222476caeed0e5655924f77321b3c4fd44b3efdd5938b90b935c1660a1452c8e09d0170