7fba58c6b7591e50c4471a69a3c478714cb4d39ecd75765958f2b70f9122c0de | Triage

Analysis

max time kernel
93s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 20:12

Sharing

Report Analysis Logs

General

Target

Payload.exe
Size

18KB
MD5

7c32401af9db64cdde2717c6ea6a22d7
SHA1

0e78241e2a9199c5c66187da1edc1922f9506ce3
SHA256

1430e83a0b78cecd8d7a510d4559bb710cfb56ed303d8ea99b87c20b59f7fce5
SHA512

3e98515af36950e141ea32f657610ed84bed259e21af779f47f6e56d0ec2813317d372e91e0edc8c46226271bc20271b0898c2a126d27be70f354b05c8b4c503
SSDEEP

384:44DIO0G5pVhxSjdto26g2S0olp6NaUkBq2CicSaz+kz:BDIOt3zG/6rsYjJSkz

Score

7^/10

Malware Config

Signatures

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payload.exe	Payload.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payload.exe	Payload.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2344	Payload.exe

C:\Users\Admin\AppData\Local\Temp\Payload.exe
"C:\Users\Admin\AppData\Local\Temp\Payload.exe"
1⤵
- Drops startup file
- Suspicious behavior: AddClipboardFormatListener
PID:2344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2344-0-0x00007FFF61233000-0x00007FFF61235000-memory.dmp

Filesize
8KB

Download
memory/2344-1-0x0000000000510000-0x000000000051C000-memory.dmp

Filesize
48KB

Download
memory/2344-4-0x00007FFF61230000-0x00007FFF61CF1000-memory.dmp

Filesize
10.8MB

Download
memory/2344-5-0x00007FFF61230000-0x00007FFF61CF1000-memory.dmp

Filesize
10.8MB

Download