e50e90f46e6dcee26d97c765868d77ba85044cda01b3f59964e54c6f27f305e4

Analysis

max time kernel
94s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 11:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

loader.exe
Size

5.5MB
MD5

78dd0e7a959aac2a6af0cb31361b2c84
SHA1

07369dee73448ee2ddfebc19a3070d5692040293
SHA256

e50e90f46e6dcee26d97c765868d77ba85044cda01b3f59964e54c6f27f305e4
SHA512

4e6c33eeb555e0300e65de262b1ac7ab24ce2ddbe405303d9bb8fc617063a8e10a6898385661bbc093d6f4c8a8143c9cd95d2ae3dc7fdd8563caa06880b47b19
SSDEEP

98304:vV2G1vYdxU+adNBtrnVBkkP9GEtmW9VmwEgC7XlSAGorBHrFUkeq2smElSGhPW:vAGVYdyZdNLnPkkPTVycAGUhrmY2AMQ

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
1544	TycB1G9tk3wHEuIxU0cBX13tVtYOG2.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4364	loader.exe
4364	loader.exe
1544	TycB1G9tk3wHEuIxU0cBX13tVtYOG2.exe
1544	TycB1G9tk3wHEuIxU0cBX13tVtYOG2.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4364 wrote to memory of 4020	4364	loader.exe	83
PID 4364 wrote to memory of 4020	4364	loader.exe	83
PID 4364 wrote to memory of 2700	4364	loader.exe	84
PID 4364 wrote to memory of 2700	4364	loader.exe	84
PID 2700 wrote to memory of 1544	2700	cmd.exe	85
PID 2700 wrote to memory of 1544	2700	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Users\Admin\AppData\Local\Temp\TycB1G9tk3wHEuIxU0cBX13tVtYOG2.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\TycB1G9tk3wHEuIxU0cBX13tVtYOG2.exe
    C:\Users\Admin\AppData\Local\Temp\TycB1G9tk3wHEuIxU0cBX13tVtYOG2.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TycB1G9tk3wHEuIxU0cBX13tVtYOG2.exe

Filesize
6.0MB

MD5
3825bdbc7f77b372bdc41e717793b77d

SHA1
3a9929033d65545d7d7d6d6ddf72b4179206471b

SHA256
bf2307323a1a7baec9786c707443999a1a811acf4f280a09b53eb8c7c0c8ef49

SHA512
bf3e7dbf88dd275ad034b3f9071979f88f292ec9b0417d01fb1d87caa41f6efa018534ad1b74a579c50fbb0de7eba9121abdef3b6cab867877578ef051e47724

Download Submit
memory/1544-42-0x0000000140000000-0x0000000140BBF000-memory.dmp

Filesize
11.7MB

Download
memory/1544-36-0x00000001402A0000-0x00000001405CB000-memory.dmp

Filesize
3.2MB

Download
memory/1544-38-0x0000000140000000-0x0000000140BBF000-memory.dmp

Filesize
11.7MB

Download
memory/1544-37-0x00007FFB23CD0000-0x00007FFB23CD2000-memory.dmp

Filesize
8KB

Download
memory/1544-45-0x00000001402A0000-0x00000001405CB000-memory.dmp

Filesize
3.2MB

Download
memory/1544-46-0x0000000140000000-0x0000000140BBF000-memory.dmp

Filesize
11.7MB

Download
memory/4364-3-0x00007FF637C90000-0x00007FF6385FF000-memory.dmp

Filesize
9.4MB

Download
memory/4364-30-0x00007FF637D21000-0x00007FF638086000-memory.dmp

Filesize
3.4MB

Download
memory/4364-31-0x00007FF637C90000-0x00007FF6385FF000-memory.dmp

Filesize
9.4MB

Download
memory/4364-1-0x00007FFB23CD0000-0x00007FFB23CD2000-memory.dmp

Filesize
8KB

Download
memory/4364-0-0x00007FF637D21000-0x00007FF638086000-memory.dmp

Filesize
3.4MB

Download
memory/4364-43-0x00007FF637D21000-0x00007FF638086000-memory.dmp

Filesize
3.4MB

Download
memory/4364-44-0x00007FF637C90000-0x00007FF6385FF000-memory.dmp

Filesize
9.4MB

Download