Overview

overview

8

Static

static

b402a56b0e...7d.exe

windows7_x64

8

b402a56b0e...7d.exe

windows10_x64

8

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    13-05-2021 12:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b402a56b0e7eedc63d5e5bdeb302bc930e2cac3ffcff066a76aa0f8b5b559d7d.exe

  • Size

    1.2MB

  • MD5

    b512e241175000d0122a28adae69b731

  • SHA1

    c26d7cd23cc91625a80b4f65a050799c235c1e43

  • SHA256

    b402a56b0e7eedc63d5e5bdeb302bc930e2cac3ffcff066a76aa0f8b5b559d7d

  • SHA512

    5a2f5c273bbbd2c28004e929fb4fa3b54b59119b6c92cd89224ced0fb910f13b771a2b4707b579c94e14ec4088153e861a4544eb57a486536424c73210c1ec80

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b402a56b0e7eedc63d5e5bdeb302bc930e2cac3ffcff066a76aa0f8b5b559d7d.exe
    "C:\Users\Admin\AppData\Local\Temp\b402a56b0e7eedc63d5e5bdeb302bc930e2cac3ffcff066a76aa0f8b5b559d7d.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3560
    • C:\Users\Admin\AppData\Local\Temp\238.tmp
      "C:\Users\Admin\AppData\Local\Temp\238.tmp" --pingC:\Users\Admin\AppData\Local\Temp\b402a56b0e7eedc63d5e5bdeb302bc930e2cac3ffcff066a76aa0f8b5b559d7d.exe 54C825A89FD4603989BA923D6BD4FCB7C8E0876A6E0F7F0F35A21CFE43102657147A4CFD2C91C69A4E5FA69A57AC3C38B37BF91D87E11C8CD99E62ABA3076AEF
      2⤵
      • Executes dropped EXE
      • Deletes itself
      PID:3156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\238.tmp
    MD5

    45fc9343cf7888c4f2c5aa82a5f7bcf1

    SHA1

    f7c9e44590b9426b69bff852415b3c746ed7f54e

    SHA256

    b67c68d94d0a0076a54965c78b6d3adb0bfc2b3c0195dd95fd27de07f385406d

    SHA512

    1f964c72849779439945de9fde9ff4d580ffb3818b8f75387b527458acc41d4d8244d85a36105d0667160b10226632de596a2c6a4dcb6681b01f951c90541c49

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\238.tmp
    MD5

    45fc9343cf7888c4f2c5aa82a5f7bcf1

    SHA1

    f7c9e44590b9426b69bff852415b3c746ed7f54e

    SHA256

    b67c68d94d0a0076a54965c78b6d3adb0bfc2b3c0195dd95fd27de07f385406d

    SHA512

    1f964c72849779439945de9fde9ff4d580ffb3818b8f75387b527458acc41d4d8244d85a36105d0667160b10226632de596a2c6a4dcb6681b01f951c90541c49

    Download Submit

  • memory/3156-114-0x0000000000000000-mapping.dmp

    Download