Overview

overview

10

Static

static

331317B4CA...C6.exe

windows7_x64

8

331317B4CA...C6.exe

windows10_x64

10

Analysis

  • max time kernel
    35s
  • max time network
    80s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    23-05-2021 17:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    331317B4CAE70B90441E0A2C8FB2E6C6.exe

  • Size

    380KB

  • MD5

    331317b4cae70b90441e0a2c8fb2e6c6

  • SHA1

    a69df46202eb2497bad5c4ddc39e0e83efb8482a

  • SHA256

    13282c40dd66c53e866c60202f428781cf9562bb0f02e30027ebb7fb41efb5b8

  • SHA512

    b4f890eadc675d74500e0b4ffd4964f1b73702995ab6ec685a64282b535415d8193d5e7e4535f223f3446e29b16e65447d9c6a1b2ce9f342c062a02cc9236342

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\331317B4CAE70B90441E0A2C8FB2E6C6.exe
    "C:\Users\Admin\AppData\Local\Temp\331317B4CAE70B90441E0A2C8FB2E6C6.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1092
    • C:\Users\Admin\AppData\Local\Temp\is-8GQIS.tmp\331317B4CAE70B90441E0A2C8FB2E6C6.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-8GQIS.tmp\331317B4CAE70B90441E0A2C8FB2E6C6.tmp" /SL5="$3015A,140559,56832,C:\Users\Admin\AppData\Local\Temp\331317B4CAE70B90441E0A2C8FB2E6C6.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1092-59-0x0000000075AF1000-0x0000000075AF3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1092-60-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1972-69-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download