Analysis

  • max time kernel
    131s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/06/2024, 07:10

General

  • Target

    d675289637c68ef1d1594866ecbab8087c229d8b0c3b0a65f42f0620fe43518f.exe

  • Size

    12KB

  • MD5

    d74568914f56b34b011d5d751eb16889

  • SHA1

    880bd13ca4e4f5ca7c780daaf21503e1576c0339

  • SHA256

    d675289637c68ef1d1594866ecbab8087c229d8b0c3b0a65f42f0620fe43518f

  • SHA512

    7866144d059e1cb959300eb6f969b716e0d905040c5239c6b7a5e462764b1f9c94e4397e17217aff53d0bb036583ea446a1b1829b81cab570c5cda919eb6b78a

  • SSDEEP

    192:uk8rI1lJYWNzMF6vZCPYods2nDfFknTP3BchLlmqRQhWhSWlJdxqHxL1x:aYKK4c+cg4qCsMWlJj+z

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d675289637c68ef1d1594866ecbab8087c229d8b0c3b0a65f42f0620fe43518f.exe
    "C:\Users\Admin\AppData\Local\Temp\d675289637c68ef1d1594866ecbab8087c229d8b0c3b0a65f42f0620fe43518f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4544
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607071043414.exe 000001
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1972
      • C:\Users\Admin\AppData\Local\Temp\242607071043414.exe
        C:\Users\Admin\AppData\Local\Temp\242607071043414.exe 000001
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4004
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242607071054460.exe 000002
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:3584
          • C:\Users\Admin\AppData\Local\Temp\242607071054460.exe
            C:\Users\Admin\AppData\Local\Temp\242607071054460.exe 000002
            5⤵
            • Executes dropped EXE
            PID:5004

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\242607071043414.exe

    Filesize

    13KB

    MD5

    f41d2431f8d590310702ff9497f34d88

    SHA1

    6ced147ab9ec43d73f0aeb23fef6417c2350b53c

    SHA256

    8aaf2c227235a9f131bb925ce060507082e53e4ce309b99bf84fb87bf1373487

    SHA512

    75b77368ce8d3736c4d902bc408200fb2bd5fa3977859d316012696eff6fe7a2480e663032192088f5767a59835fc8f64359126d884e69396f2b08524731b110

  • C:\Users\Admin\AppData\Local\Temp\242607071054460.exe

    Filesize

    13KB

    MD5

    9aa29ee5317aef52c11c03f7897a5ccf

    SHA1

    d667900c8d5231968057c0c80d294434644aa98e

    SHA256

    513bc3a89510f39a57bdf7f897f8e380fda1a4d2f9d5f6d5db7bad63b4d54627

    SHA512

    1116834d35fb9924583111b63b1c158e14333638700ef91b0fb34f1e5f311d99836be4dd04d5fa148ade7e62e6e79223fe18d3e40d787fd1f79dc61ddf9dd388