044c16cdbc6ec18f58bfecaacf4d4e21150a19d8d10c694c4a4c3085697499a2

Analysis

max time kernel
15s
max time network
117s
platform
windows10_x64
resource
win10v20201028
submitted
04-01-2021 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6c343fd90ce107bd1e0ea2fec6b5d3a33637f0a6daa251256a533e426aa796f.exe

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Run.exe

pid process

2192 Run.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

Processes:

Run.exe

pid	process
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe
2192	Run.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

Run.exe

pid process

2192 Run.exe
2192 Run.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

b6c343fd90ce107bd1e0ea2fec6b5d3a33637f0a6daa251256a533e426aa796f.exe

description	pid	process	target process
PID 988 wrote to memory of 2192	988	b6c343fd90ce107bd1e0ea2fec6b5d3a33637f0a6daa251256a533e426aa796f.exe	Run.exe
PID 988 wrote to memory of 2192	988	b6c343fd90ce107bd1e0ea2fec6b5d3a33637f0a6daa251256a533e426aa796f.exe	Run.exe
PID 988 wrote to memory of 2192	988	b6c343fd90ce107bd1e0ea2fec6b5d3a33637f0a6daa251256a533e426aa796f.exe	Run.exe

C:\Users\Admin\AppData\Local\Temp\b6c343fd90ce107bd1e0ea2fec6b5d3a33637f0a6daa251256a533e426aa796f.exe
"C:\Users\Admin\AppData\Local\Temp\b6c343fd90ce107bd1e0ea2fec6b5d3a33637f0a6daa251256a533e426aa796f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:988

C:\Users\Admin\AppData\Local\Temp\7zS5E91.tmp\Run.exe
.\Run.exe
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2192

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS5E91.tmp\Invoice.htm
MD5
905bcafd0c52d766fe5f07d83b5a4416

SHA1
cb8eb19195aec0fed9cbc7f1965953bb363bba23

SHA256
db30315388ecb39492d09a0e2447a2dbccc902532f284f9a25f3c95e092af1b1

SHA512
6f861d5e045ad192853468ccea0dfcf2292483a269776e22b38b333089a09a6ecf85843cc5aeff543c5d3acf318be32a05c1de533200a4e3b0f6690d079d2027

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS5E91.tmp\Run.exe
MD5
d481f9bc758b1227af2b1b08ce2e8084

SHA1
01152775477879348884325cbb080729f9f12ae3

SHA256
98989f7f6d0b43b4ccaf885f192b207f0c191cf2c6aaddc4ee6762d44019e5e2

SHA512
95781c8e5e00e6b11b3f17a7efbb31535dd723d8b1d5041c107fcf5e4e21d549d9bbcb68f23c96ff82f8a7793f8765e6f510b96da8c99dc2bcef152cd075f08b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS5E91.tmp\Run.exe
MD5
d481f9bc758b1227af2b1b08ce2e8084

SHA1
01152775477879348884325cbb080729f9f12ae3

SHA256
98989f7f6d0b43b4ccaf885f192b207f0c191cf2c6aaddc4ee6762d44019e5e2

SHA512
95781c8e5e00e6b11b3f17a7efbb31535dd723d8b1d5041c107fcf5e4e21d549d9bbcb68f23c96ff82f8a7793f8765e6f510b96da8c99dc2bcef152cd075f08b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS5E91.tmp\logo.gif
MD5
2cc222ea16885fc7d0a1ffef03cd80d2

SHA1
f8c01af44b508bd0c409c380ad359c17fd0536e0

SHA256
27f85fd9f31110598850cb5972a390506b88648082ebd15019637ccde3d690b4

SHA512
4b70150105fe39b65278cf9a4a019530e0e2457e90429cec8910b9d7f2b406c6fff46aaaa587a1eb2ebafab009b035aab309543a9c4756e2107fe4675d7a2db1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS5E91.tmp\settings.dat
MD5
abd7da1aef888db5d6998c4798c5262c

SHA1
75c6c002549ce3fd84c4de70861d45d1aab5030c

SHA256
9b1d2565dddd47140930cf09c067e280507cacb113f10f44ce205078fc06b53c

SHA512
322873ce575c10993a410d46d3aceb8135be9b9fd4ec67716e7ed43643f1ca8eecd97bfd43b91695677612b759b8baf3e28262c72a50247e758418d45e7b97ff

Download Submit
memory/2192-2-0x0000000000000000-mapping.dmp

Download