f81c79de1b8bec0ffcd299c964d8cf0bee0d983ab465b693dbfd7347d2c64f87

Resubmissions

01-07-2024 13:59

240701-ramdaayfpp 10

06-06-2023 19:05

230606-xr1j5afb28 8

Analysis

max time kernel
38s
max time network
49s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 13:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

winrar-64-6.21-installer_AmGAP-1.exe
Size

1.7MB
MD5

17b1ea1089ccf5e5ef81c5dfafdb90ff
SHA1

af0c22f715c97474303ff13364a71280c1d0f698
SHA256

f81c79de1b8bec0ffcd299c964d8cf0bee0d983ab465b693dbfd7347d2c64f87
SHA512

3e90c90477075856f77194cb6842501402f4eb49a68df84f5f3d49b5a8edae012e257908483c8451bc20bb89755c0b51c94c9499f4e3b6b85e88f8722e6d6a73
SSDEEP

24576:f7FUDowAyrTVE3U5Fmuj6C9FPusBoPwbpm90jiJ/65kr2kLgaJyLHbTVYyT:fBuZrEUr6CzmsBoYbpUF65GzOB

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

winrar-64-6.21-installer_AmGAP-1.tmp

pid process

920 winrar-64-6.21-installer_AmGAP-1.tmp
Loads dropped DLL 2 IoCs

Processes:

winrar-64-6.21-installer_AmGAP-1.tmp

pid process

920 winrar-64-6.21-installer_AmGAP-1.tmp
920 winrar-64-6.21-installer_AmGAP-1.tmp

pid	process
920	winrar-64-6.21-installer_AmGAP-1.tmp

pid	process
920	winrar-64-6.21-installer_AmGAP-1.tmp
920	winrar-64-6.21-installer_AmGAP-1.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

winrar-64-6.21-installer_AmGAP-1.exe

description	pid	process	target process
PID 4528 wrote to memory of 920	4528	winrar-64-6.21-installer_AmGAP-1.exe	winrar-64-6.21-installer_AmGAP-1.tmp
PID 4528 wrote to memory of 920	4528	winrar-64-6.21-installer_AmGAP-1.exe	winrar-64-6.21-installer_AmGAP-1.tmp
PID 4528 wrote to memory of 920	4528	winrar-64-6.21-installer_AmGAP-1.exe	winrar-64-6.21-installer_AmGAP-1.tmp

C:\Users\Admin\AppData\Local\Temp\winrar-64-6.21-installer_AmGAP-1.exe
"C:\Users\Admin\AppData\Local\Temp\winrar-64-6.21-installer_AmGAP-1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4528

C:\Users\Admin\AppData\Local\Temp\is-2UJ1M.tmp\winrar-64-6.21-installer_AmGAP-1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-2UJ1M.tmp\winrar-64-6.21-installer_AmGAP-1.tmp" /SL5="$401E6,879088,832512,C:\Users\Admin\AppData\Local\Temp\winrar-64-6.21-installer_AmGAP-1.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-2UJ1M.tmp\winrar-64-6.21-installer_AmGAP-1.tmp
Filesize
3.1MB

MD5
2c3299a97aaf7b14c4bc0145186a5851

SHA1
254fe53fb4e38ebed5f7f4c7edecd8fa295a9d85

SHA256
ca7d4bf7ea7e7a1f3ea77b885e3402d1040ad4473db3279f59376e52a980cba2

SHA512
53d0b0618ff8b1ecc3fdab140496e5268be9d922431625ee13ac315889e54cca3233608352cd4ae115d0e7559b60b642f8c1053eb6143ab660207f9e7fe1ed5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SNRHV.tmp\botva2.dll
Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
memory/920-6-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/920-10-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/920-12-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/920-18-0x0000000006690000-0x000000000669F000-memory.dmp

Filesize
60KB

Download
memory/920-22-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/4528-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4528-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/4528-9-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4528-24-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download