bf7e76ec5c0aed2e69ead2d6b176792ddfd5ab801ff28c3137ffe6588124500c

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 06:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf7e76ec5c0aed2e69ead2d6b176792ddfd5ab801ff28c3137ffe6588124500c.exe
Size

13KB
MD5

28580cf00a4e5faff66cf392b581504c
SHA1

bcdcbc537382905ad19413b954bb5debb8c29c82
SHA256

bf7e76ec5c0aed2e69ead2d6b176792ddfd5ab801ff28c3137ffe6588124500c
SHA512

bcad917893b5b933721fcfb78a52a342faa7a1b0c19da018884397375a9cfce6f64e5730e8fdda4af2c05395ca01a57b03dfb9ba9843f54508bbc179fff30277
SSDEEP

192:Q7Ac0I1MRQyCvdd6PGHQFB1OX2HeyPIMs5PXJ8Puj7NjmySBzzzVTVNTVvWlJdxX:QQMygYg2iuGHSzzznWlJj+wd

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
4488	242607063257391.exe
4740	242607063339094.exe
1340	242607063420563.exe
4308	242607063431079.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 4576	2180	bf7e76ec5c0aed2e69ead2d6b176792ddfd5ab801ff28c3137ffe6588124500c.exe	99
PID 2180 wrote to memory of 4576	2180	bf7e76ec5c0aed2e69ead2d6b176792ddfd5ab801ff28c3137ffe6588124500c.exe	99
PID 4576 wrote to memory of 4488	4576	cmd.exe	100
PID 4576 wrote to memory of 4488	4576	cmd.exe	100
PID 4488 wrote to memory of 1580	4488	242607063257391.exe	102
PID 4488 wrote to memory of 1580	4488	242607063257391.exe	102
PID 1580 wrote to memory of 4740	1580	cmd.exe	103
PID 1580 wrote to memory of 4740	1580	cmd.exe	103
PID 4740 wrote to memory of 1216	4740	242607063339094.exe	104
PID 4740 wrote to memory of 1216	4740	242607063339094.exe	104
PID 1216 wrote to memory of 1340	1216	cmd.exe	105
PID 1216 wrote to memory of 1340	1216	cmd.exe	105
PID 1340 wrote to memory of 1352	1340	242607063420563.exe	113
PID 1340 wrote to memory of 1352	1340	242607063420563.exe	113
PID 1352 wrote to memory of 4308	1352	cmd.exe	114
PID 1352 wrote to memory of 4308	1352	cmd.exe	114

C:\Users\Admin\AppData\Local\Temp\bf7e76ec5c0aed2e69ead2d6b176792ddfd5ab801ff28c3137ffe6588124500c.exe
"C:\Users\Admin\AppData\Local\Temp\bf7e76ec5c0aed2e69ead2d6b176792ddfd5ab801ff28c3137ffe6588124500c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607063257391.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4576
- - C:\Users\Admin\AppData\Local\Temp\242607063257391.exe
    C:\Users\Admin\AppData\Local\Temp\242607063257391.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4488
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607063339094.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\242607063339094.exe
        
        C:\Users\Admin\AppData\Local\Temp\242607063339094.exe 000002
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4740
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607063420563.exe 000003
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\242607063420563.exe
        
        C:\Users\Admin\AppData\Local\Temp\242607063420563.exe 000003
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1340
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607063431079.exe 000004
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\242607063431079.exe
        
        C:\Users\Admin\AppData\Local\Temp\242607063431079.exe 000004
        9⤵
        Executes dropped EXE
        
        PID:4308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\242607063257391.exe

Filesize
13KB

MD5
7b1b8decffc21c21f09ccab902a64e33

SHA1
716ea33dec97cb230becf699381e65e3b6193204

SHA256
d340f7b9c3c65d3d665a327f862b76c1b321f473e86d294b038baab4cb617d73

SHA512
1e935b6620017de0245f7edf619597f54557ec17438e0cecf70ec9af58c8df96f60661bf426c75495ce0e6755cc7da4c9dac6aaab36a699315c2ec29a61f80bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\242607063339094.exe

Filesize
13KB

MD5
7433d2f23d0763522e9bf3b9a5c6e70c

SHA1
ccb1f79c7a8dd644506c5db132d369bd729c81ce

SHA256
abbeba38e9328757f16da8d757acfdf5ce3b1f2855a3dc596a0cbdd059b40999

SHA512
765aae1ce47dcbc444bcea7747aeed114bf17cb854acf7a3a9f8895a8f1de975274f33a981ad22d1e713914ccf77a1df0c05c7750783215268af8d38e06b4c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\242607063420563.exe

Filesize
13KB

MD5
797665a3861bb884fc914d7f0bbfbac9

SHA1
9f42dde0f8609cde74e9b0c55f443b4e9c314d77

SHA256
d1a2e6953d0cdeb6f3f7a65dfb6567f5711488192af909dcbd2094bdd7664120

SHA512
12799cfb2d1bb26c14e7c4919c518bc7f52b89b0b08750a251acb3b4d997a85d16604981d30a137d843e3961aeb5aa1cadda4cade1e84bf4df4bec3f049dbe3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\242607063431079.exe

Filesize
13KB

MD5
d6744edfff8399a79a35f446df61e78c

SHA1
8dbd9c8524f45eaa9cafebc17874861365993403

SHA256
ff64ab29f9760e14b86b5906aa757b3fffed169c8e056f2cf785fbb10dc56257

SHA512
4c892808817105feb0e086dad0eef621d49925861a855acda43e9731216178109e00cd43e798f115293d30126d2078f1a790728726363cde8bbea4cd4d0fd786

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads