Analysis

  • max time kernel
    131s
  • max time network
    132s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    13-05-2021 12:58

General

  • Target

    588c5cd951c636f8c8bab3083aba2194c1514477a959cf18bc389b183887606c.exe

  • Size

    743KB

  • MD5

    e7303eba9d961f5a145f4270d6b2a4b1

  • SHA1

    b42e698ce330f2ae0212622137814bcceb1ed58e

  • SHA256

    588c5cd951c636f8c8bab3083aba2194c1514477a959cf18bc389b183887606c

  • SHA512

    178ec653956816b1f85cf96f5fe5c69b3c510285f9eb211a2a71da6662b82ad22d039f7dc28771a0076ca700cdd14985d82e764dd22766d2c6716aad6a53fbf3

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\588c5cd951c636f8c8bab3083aba2194c1514477a959cf18bc389b183887606c.exe
    "C:\Users\Admin\AppData\Local\Temp\588c5cd951c636f8c8bab3083aba2194c1514477a959cf18bc389b183887606c.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
      2⤵
        PID:2848
    • C:\Windows\Hacker.com.cn.exe
      C:\Windows\Hacker.com.cn.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2500
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        2⤵
          PID:2732

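The process tree above is the behavioural signal a detection would key on: the sample runs from the user's Temp folder and spawns cmd.exe /c C:\Windows\uninstal.bat, while a copy of it executes directly from C:\Windows (Hacker.com.cn.exe, PID 2500) and launches IEXPLORE.EXE. The block below is an added example, not part of the sandbox report: Python rules evaluated over constructed process-creation events that mirror the tree. The PIDs are taken from the report; the parent PID 1000 for the top-level processes, the benign control event, the Sysmon-like field names and the allowlist of executables that legitimately live in the Windows root are assumptions for illustration.

```python
"""Behavioural detection over process-creation events, modelled on the
process tree reported above. Added example: not the sandbox's own logic, and
the events below are constructed to mirror the report (PIDs taken from it),
not real telemetry."""
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    # Field names follow Sysmon Event ID 1 loosely; that mapping is an assumption.
    pid: int
    ppid: int
    image: str
    cmdline: str


SAMPLE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
          "588c5cd951c636f8c8bab3083aba2194c1514477a959cf18bc389b183887606c.exe")

# Constructed events: the four processes from the report plus one benign control.
# Parent PID 1000 for the top-level processes is an assumption (not in the report).
EVENTS = [
    ProcEvent(2232, 1000, SAMPLE, f'"{SAMPLE}"'),
    ProcEvent(2848, 2232, "C:\\Windows\\SysWOW64\\cmd.exe",
              "C:\\Windows\\system32\\cmd.exe /c C:\\Windows\\uninstal.bat"),
    ProcEvent(2500, 1000, "C:\\Windows\\Hacker.com.cn.exe", "C:\\Windows\\Hacker.com.cn.exe"),
    ProcEvent(2732, 2500, "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE",
              '"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"'),
    ProcEvent(3000, 1000, "C:\\Windows\\System32\\cmd.exe",
              'cmd.exe /c "C:\\Program Files\\Vendor\\setup.bat"'),  # benign control
]

WINDOWS_ROOT = "c:\\windows"
# Executables that legitimately sit directly in C:\Windows. Illustrative
# allowlist (an assumption); tune it against a clean baseline of your build.
KNOWN_WINDOWS_ROOT_EXES = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe",
                           "write.exe", "splwow64.exe", "winhlp32.exe", "bfsvc.exe"}
# cmd.exe /c <something>.bat, with or without quotes around the path
BAT_RE = re.compile(r'/c\s+"?([^"]+\.bat)"?', re.I)


def in_windows_root(path):
    """Return (is directly under C:\\Windows, lower-cased file name)."""
    directory, name = ntpath.split(path)
    return directory.lower().rstrip("\\") == WINDOWS_ROOT, name.lower()


def exe_in_windows_root(ev):
    """Image executed from the Windows root itself rather than a subdirectory."""
    is_root, name = in_windows_root(ev.image)
    return is_root and name not in KNOWN_WINDOWS_ROOT_EXES


def cmd_runs_bat_in_windows_root(ev):
    """cmd.exe /c launching a .bat that sits directly in C:\\Windows."""
    if ntpath.basename(ev.image).lower() != "cmd.exe":
        return False
    m = BAT_RE.search(ev.cmdline)
    return bool(m) and in_windows_root(m.group(1))[0]


def detect(events):
    """Evaluate the rules over a batch of events; returns (pid, rule) pairs."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for ev in events:
        if exe_in_windows_root(ev):
            findings.append((ev.pid, "exe_in_windows_root"))
        if cmd_runs_bat_in_windows_root(ev):
            findings.append((ev.pid, "cmd_runs_bat_in_windows_root"))
            parent = by_pid.get(ev.ppid)
            # Stronger signal: the parent itself ran from the user's Temp folder.
            if parent and "\\appdata\\local\\temp\\" in parent.image.lower():
                findings.append((ev.pid, "temp_binary_spawns_windows_bat"))
    return findings


if __name__ == "__main__":
    for pid, rule in detect(EVENTS):
        print(pid, rule)
```

The benign control (an installer running a .bat under Program Files) shows why the rule keys on the .bat's directory rather than on cmd.exe /c alone; the Windows-root allowlist is the part that needs maintenance on a real estate, since a few legitimate binaries do live there.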
Network

MITRE ATT&CK Matrix

Downloads

      • C:\Windows\Hacker.com.cn.exe
        MD5

        e7303eba9d961f5a145f4270d6b2a4b1

        SHA1

        b42e698ce330f2ae0212622137814bcceb1ed58e

        SHA256

        588c5cd951c636f8c8bab3083aba2194c1514477a959cf18bc389b183887606c

        SHA512

        178ec653956816b1f85cf96f5fe5c69b3c510285f9eb211a2a71da6662b82ad22d039f7dc28771a0076ca700cdd14985d82e764dd22766d2c6716aad6a53fbf3

      • C:\Windows\uninstal.bat
        MD5

        8fc6e16e255d42483a77b549175ab6ea

        SHA1

        20523faa7b2797ba8436cfcbaba5c274aa088a09

        SHA256

        a6bca35902992d0b8dbd695d5f51e5f6e0aa315b2a6adb5a80a80953060c3a53

        SHA512

        3dd91e7595eb12237829aa81a6ba993a515784d05f8b275617db6f9fb42b5c34edc67db2fc6b632f8c4c362f0fb3d42f806ee855ac4d4413cedf1e70949c23b0

      • memory/2232-114-0x0000000002340000-0x0000000002341000-memory.dmp
        Filesize

        4KB

      • memory/2500-117-0x0000000000540000-0x0000000000541000-memory.dmp
        Filesize

        4KB

      • memory/2848-118-0x0000000000000000-mapping.dmp
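The hashes listed under Downloads are the file-level indicators a responder would sweep a host for. Note that C:\Windows\Hacker.com.cn.exe carries exactly the same MD5, SHA-1, SHA-256 and SHA-512 as the submitted sample, so the dropped copy is byte-identical and one hash set covers both; uninstal.bat has its own hashes. The block below is an added example, not the sandbox's code: it walks a directory tree, hashes each file and reports matches on the report's SHA-256 values or on the dropped-file names. The stand-in files built by demo() are constructed, so only name matches and a constructed extra hash fire there; on a real host you would point sweep() at the system drive.

```python
"""Hash and file-name sweep for the artefacts listed under Downloads.
Added example, not the sandbox's own code: it walks a directory, hashes every
file and reports matches against the report's SHA-256 values (the dropped EXE
hashes identically to the submitted sample) or its dropped-file names. The
root to walk is whatever the caller passes; demo() builds one from constructed
stand-in files."""
import hashlib
import os
import tempfile

# SHA-256 values copied from the report; MD5/SHA-1/SHA-512 are listed above too.
REPORT_SHA256 = {
    "588c5cd951c636f8c8bab3083aba2194c1514477a959cf18bc389b183887606c":
        "submitted sample, byte-identical to C:\\Windows\\Hacker.com.cn.exe",
    "a6bca35902992d0b8dbd695d5f51e5f6e0aa315b2a6adb5a80a80953060c3a53":
        "C:\\Windows\\uninstal.bat",
}
REPORT_FILENAMES = {"hacker.com.cn.exe", "uninstal.bat"}


def sha256_file(path, chunk=1 << 20):
    """Stream the file so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, hashes=None, names=None):
    """Return [(path, sha256, [reasons])] for files matching by hash or name.
    `hashes` maps lower-case hex digest -> description; `names` is a set of
    lower-case file names."""
    hashes = REPORT_SHA256 if hashes is None else hashes
    names = REPORT_FILENAMES if names is None else names
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # unreadable or locked file: skip rather than abort the sweep
            reasons = []
            if name.lower() in names:
                reasons.append("name matches dropped-file name")
            if digest in hashes:
                reasons.append("sha256 matches report: " + hashes[digest])
            if reasons:
                findings.append((path, digest, reasons))
    return findings


def demo():
    """Constructed demonstration. The stand-in bytes are invented, so the real
    report hashes cannot match; name matching fires for both dropped files and
    one extra constructed hash exercises the hash path."""
    root = tempfile.mkdtemp(prefix="ioc_sweep_")
    stand_ins = {
        "Hacker.com.cn.exe": b"stand-in bytes, not the real sample",
        "uninstal.bat": b"constructed placeholder\r\n",
        "notes.txt": b"benign file",
    }
    for name, data in stand_ins.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    extra = {hashlib.sha256(stand_ins["uninstal.bat"]).hexdigest(): "constructed test hash"}
    findings = sweep(root, hashes={**REPORT_SHA256, **extra})
    return {os.path.basename(p): reasons for p, _, reasons in findings}


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, reasons)
```

A name match on its own is weak evidence (anyone can create a file called uninstal.bat), which is why sweep() reports the reasons separately: a hash hit against the report's values is the confirmation, a name-only hit is a lead to triage.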