Overview

overview

10

Static

static

b32acc0d68...c3.exe

windows7_x64

6

b32acc0d68...c3.exe

windows10_x64

10

Analysis

  • max time kernel
    7s
  • max time network
    8s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    08-11-2020 14:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b32acc0d68b0c74f732509d25c0f03f7e9278a65fb91d83cb7f6b7aa7baeedc3.exe

  • Size

    585KB

  • MD5

    2f84065b4d10029d655fe5240b918a82

  • SHA1

    160d060a7dca7dff8e4ededa01b1981faf84fcfb

  • SHA256

    b32acc0d68b0c74f732509d25c0f03f7e9278a65fb91d83cb7f6b7aa7baeedc3

  • SHA512

    ef00a3926dd3a60b33fa6ea4eeadebc55be77100ce0425250de471b7293cb46a4336f94952399bada7f82e084d9ecb7c27b0c6272fd1bfe07e4b4fda62f87995

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b32acc0d68b0c74f732509d25c0f03f7e9278a65fb91d83cb7f6b7aa7baeedc3.exe
    "C:\Users\Admin\AppData\Local\Temp\b32acc0d68b0c74f732509d25c0f03f7e9278a65fb91d83cb7f6b7aa7baeedc3.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1824
    • C:\Windows\system32\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp1CB1.tmp.cmd""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1060
      • C:\Windows\system32\timeout.exe
        timeout 1
        3⤵
        • Delays execution with timeout.exe
        PID:1084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmp1CB1.tmp.cmd
    MD5

    32fee22b5f8cc6da1ec2876df130510a

    SHA1

    e274a6dac160daf0e310306f68ac3b7afe1d6461

    SHA256

    eb642e3a321e03c69ad3140ca0bb8b1ec3f0860df98a874e96b0137caa0666c6

    SHA512

    2ef3da8bfafa24de5f00d03bccfe53edab7871c3ebbe817ce8810c667bd90053775abc809433e4ce136554cb4a3a061658d8c2561769ba3bf360bca54619dc97

    Download Submit
  • memory/1060-3-0x0000000000000000-mapping.dmp
    Download
  • memory/1084-5-0x0000000000000000-mapping.dmp
    Download
  • memory/1824-0-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/1824-1-0x00000000010F0000-0x00000000010F1000-memory.dmp
    Filesize

    4KB

    Download