b2718252be051e7fbc18b319b31ef746d88407272473a465b673cea0de3c4aad

Submit
Reports

Overview

overview

Static

static

ﱞﱞﱞ�...ﱞﱞ

windows7_x64

ﱞﱞﱞ�...ﱞﱞ

windows7_x64

ﱞﱞﱞ�...ﱞﱞ

windows7_x64

ﱞﱞﱞ�...ﱞﱞ

windows7_x64

win102

windows10_x64

win102

windows10_x64

win102

windows10_x64

win102

windows10_x64

win104

windows10_x64

win104

windows10_x64

win104

windows10_x64

win104

windows10_x64

win105

windows10_x64

win105

windows10_x64

win105

windows10_x64

win105

windows10_x64

win106

windows10_x64

win106

windows10_x64

win106

windows10_x64

win106

windows10_x64

win103

windows10_x64

win103

windows10_x64

win103

windows10_x64

win103

windows10_x64

win101

windows10_x64

win101

windows10_x64

win101

windows10_x64

win101

windows10_x64

win100

windows10_x64

win100

windows10_x64

win100

windows10_x64

win100

windows10_x64

Resubmissions

25-04-2021 09:42

25-04-2021 08:59

25-04-2021 07:37

25-04-2021 06:55

24-04-2021 20:32

Analysis

max time kernel
1446s
max time network
1442s
platform
windows7_x64
resource
win7v20210408
submitted
25-04-2021 08:59

Sharing

Copy URL

Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

Install — копия.exe

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Install.exe

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

keygen-step-4 — копия.exe

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

keygen-step-4.exe

Resource

win7v20210408

dcrat fickerstealer tofsee xmrig discovery evasion infostealer miner persistence rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

Install — копия.exe

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

Install.exe

Resource

win10v20210410

glupteba metasploit raccoon redline smokeloader 9afb493c6f82d08075dbbfa7d93ce97f1dbf4733 backdoor discovery dropper evasion infostealer loader persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

keygen-step-4 — копия.exe

Resource

win10v20210408

dcrat fickerstealer raccoon xmrig discovery evasion infostealer miner persistence rat spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral8

Sample

keygen-step-4.exe

Resource

win10v20210410

dcrat fickerstealer raccoon xmrig discovery evasion infostealer miner persistence rat spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral9

Sample

Install — копия.exe

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral10

Sample

Install.exe

Resource

win10v20210410

glupteba metasploit raccoon smokeloader 9afb493c6f82d08075dbbfa7d93ce97f1dbf4733 backdoor discovery dropper evasion loader persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral11

Sample

keygen-step-4 — копия.exe

Resource

win10v20210408

dcrat fickerstealer raccoon xmrig discovery evasion infostealer miner persistence rat spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral12

Sample

keygen-step-4.exe

Resource

win10v20210410

dcrat fickerstealer raccoon xmrig discovery evasion infostealer miner persistence rat spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral13

Sample

Install — копия.exe

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral14

Sample

Install.exe

Resource

win10v20210408

glupteba metasploit raccoon smokeloader 9afb493c6f82d08075dbbfa7d93ce97f1dbf4733 backdoor discovery dropper evasion loader persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral15

Sample

keygen-step-4 — копия.exe

Resource

win10v20210410

dcrat fickerstealer raccoon xmrig discovery evasion infostealer miner persistence rat spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral16

Sample

keygen-step-4.exe

Resource

win10v20210408

dcrat fickerstealer raccoon xmrig discovery evasion infostealer miner persistence rat spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral17

Sample

Install — копия.exe

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral18

Sample

Install.exe

Resource

win10v20210408

glupteba metasploit raccoon smokeloader 9afb493c6f82d08075dbbfa7d93ce97f1dbf4733 backdoor discovery dropper evasion loader persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral19

Sample

keygen-step-4 — копия.exe

Resource

win10v20210410

dcrat fickerstealer raccoon redline xmrig discovery evasion infostealer miner persistence rat spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral20

Sample

keygen-step-4.exe

Resource

win10v20210410

dcrat fickerstealer raccoon redline xmrig discovery evasion infostealer miner persistence rat spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral21

Sample

Install — копия.exe

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral22

Sample

Install.exe

Resource

win10v20210410

glupteba metasploit raccoon smokeloader 9afb493c6f82d08075dbbfa7d93ce97f1dbf4733 backdoor discovery dropper evasion loader persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral23

Sample

keygen-step-4 — копия.exe

Resource

win10v20210408

dcrat fickerstealer raccoon xmrig discovery evasion infostealer miner persistence rat spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral24

Sample

keygen-step-4.exe

Resource

win10v20210410

dcrat fickerstealer raccoon redline xmrig discovery evasion infostealer miner persistence rat spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral25

Sample

Install — копия.exe

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral26

Sample

Install.exe

Resource

win10v20210410

glupteba metasploit raccoon smokeloader 9afb493c6f82d08075dbbfa7d93ce97f1dbf4733 backdoor discovery dropper evasion loader persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral27

Sample

keygen-step-4 — копия.exe

Resource

win10v20210410

dcrat fickerstealer raccoon xmrig discovery evasion infostealer miner persistence rat spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral28

Sample

keygen-step-4.exe

Resource

win10v20210408

dcrat fickerstealer raccoon xmrig discovery evasion infostealer miner persistence rat spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral29

Sample

Install — копия.exe

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral30

Sample

Install.exe

Resource

win10v20210408

glupteba metasploit raccoon smokeloader tofsee 9afb493c6f82d08075dbbfa7d93ce97f1dbf4733 backdoor discovery dropper evasion loader persistence stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral31

Sample

keygen-step-4 — копия.exe

Resource

win10v20210410

dcrat fickerstealer raccoon xmrig discovery evasion infostealer miner persistence rat spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral32

Sample

keygen-step-4.exe

Resource

win10v20210408

dcrat fickerstealer raccoon xmrig discovery evasion infostealer miner persistence rat spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

Install.exe
Size

497KB
MD5

41a5f4fd1ea7cac4aa94a87aebccfef0
SHA1

0d0abf079413a4c773754bf4fda338dc5b9a8ddc
SHA256

97e95e99fd499ec45a7c1d8683d5731ce5e7a8fb8b710622e578cd169a00d8d9
SHA512

5ca14bda498f26efff4e1179969b8f2c25244063c7bf25f3ec20b5cd24b5be320bbfb8b3d0b2d66f5c5b415da777a766fece5f251a4247773c6cb991417fb75f

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1944	Install.tmp

Loads dropped DLL 1 IoCs

pid	Process
864	Install.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 1944	864	Install.exe	26
PID 864 wrote to memory of 1944	864	Install.exe	26
PID 864 wrote to memory of 1944	864	Install.exe	26
PID 864 wrote to memory of 1944	864	Install.exe	26
PID 864 wrote to memory of 1944	864	Install.exe	26
PID 864 wrote to memory of 1944	864	Install.exe	26
PID 864 wrote to memory of 1944	864	Install.exe	26

Processes

C:\Users\Admin\AppData\Local\Temp\Install.exe
"C:\Users\Admin\AppData\Local\Temp\Install.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:864
- C:\Users\Admin\AppData\Local\Temp\is-9GT0T.tmp\Install.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-9GT0T.tmp\Install.tmp" /SL5="$30104,235791,152064,C:\Users\Admin\AppData\Local\Temp\Install.exe"
  2⤵
  - Executes dropped EXE
  PID:1944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/864-60-0x0000000075891000-0x0000000075893000-memory.dmp

Filesize
8KB

Download
memory/864-61-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download