Analysis

  • max time kernel
    80s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    01-06-2021 11:33

General

  • Target

    city_racing_FVu1w-1.exe

  • Size

    2.3MB

  • MD5

    6663fceaf614b17884edeec24fcdfe10

  • SHA1

    e85b3d03ca1ce9baf06d46a247bd4a9c533fe30d

  • SHA256

    67e6ab1068490470d5151016f01d0efa968e8a013e359a2206fc4cc9f5f95473

  • SHA512

    6c612221b1290416b1ecab6a48d2d58772c9b549d57c21bb36d44df9f752d19923fa3807624256c7719debc13ccd4fa8acc516ac8a6e44e47e0278b0e9bff463

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\city_racing_FVu1w-1.exe
    "C:\Users\Admin\AppData\Local\Temp\city_racing_FVu1w-1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Users\Admin\AppData\Local\Temp\is-1LM6O.tmp\city_racing_FVu1w-1.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-1LM6O.tmp\city_racing_FVu1w-1.tmp" /SL5="$3015C,1569491,780800,C:\Users\Admin\AppData\Local\Temp\city_racing_FVu1w-1.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:1104

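The process tree above is the Inno Setup pattern: the submitted .exe is the Inno Setup loader (SetupLdr), which unpacks the real setup program into %TEMP%\is-XXXXX.tmp\ and launches it with a /SL5= argument carrying the loader's window handle, two offsets into the original installer, and the installer's own path. That hand-off is what the "Executes dropped EXE" and "Loads dropped DLL" signatures are firing on. The following triage helper is an added example, not part of this report or of any sandbox's code. It decodes /SL5 from the child command line, flags a process as the Inno Setup second stage when it runs from an is-XXXXX.tmp directory with a parseable /SL5, and collapses the Downloads list (which lists the same .tmp under two path spellings) by SHA-256. The field names parent_hwnd, offset_a, offset_b and source_exe are my labels; the report does not say what each of the two numeric offsets means, so the code only extracts them. All input values are copied from the sections above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Inputs copied from the report's Processes and Downloads sections.
PARENT_IMAGE = r"C:\Users\Admin\AppData\Local\Temp\city_racing_FVu1w-1.exe"
PARENT_CMDLINE = r'"C:\Users\Admin\AppData\Local\Temp\city_racing_FVu1w-1.exe"'
CHILD_IMAGE = r"C:\Users\Admin\AppData\Local\Temp\is-1LM6O.tmp\city_racing_FVu1w-1.tmp"
CHILD_CMDLINE = (
    r'"C:\Users\Admin\AppData\Local\Temp\is-1LM6O.tmp\city_racing_FVu1w-1.tmp" '
    r'/SL5="$3015C,1569491,780800,C:\Users\Admin\AppData\Local\Temp\city_racing_FVu1w-1.exe"'
)

# (path, sha256) exactly as listed under Downloads; the .tmp is listed twice.
DROPPED: List[Tuple[str, str]] = [
    (r"C:\Users\Admin\AppData\Local\Temp\is-1LM6O.tmp\city_racing_FVu1w-1.tmp",
     "e227f95b36462ac67f0241770d360c87669bd95777ef3bbc02ce0c48409da1a1"),
    (r"\Users\Admin\AppData\Local\Temp\is-1LM6O.tmp\city_racing_FVu1w-1.tmp",
     "e227f95b36462ac67f0241770d360c87669bd95777ef3bbc02ce0c48409da1a1"),
    (r"\Users\Admin\AppData\Local\Temp\is-COBPP.tmp\botva2.dll",
     "450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105"),
    (r"\Users\Admin\AppData\Local\Temp\is-COBPP.tmp\zbShieldUtils.dll",
     "f88d2226bbac1b61dbc22c968721f4b9f961c0a6aa75d88f303649bc930007d6"),
]

# Inno Setup's loader passes /SL5="$<hwnd in hex>,<offset>,<offset>,<path of original installer>"
# to the unpacked setup program. The Pascal-style "$" prefix marks the hex handle.
SL5_RE = re.compile(r'/SL5="\$([0-9A-Fa-f]+),(\d+),(\d+),(.+?)"')
# Inno Setup unpacks into a directory named is-XXXXX.tmp (five alphanumerics).
INNO_TMP_DIR_RE = re.compile(r"\\is-[A-Z0-9]{5}\.tmp\\", re.IGNORECASE)


@dataclass
class Sl5:
    parent_hwnd: int   # loader window handle (hex in the command line)
    offset_a: int      # first offset into the original installer (label is mine)
    offset_b: int      # second offset into the original installer (label is mine)
    source_exe: str    # path of the installer the loader was started from


def parse_sl5(cmdline: str) -> Optional[Sl5]:
    """Extract the /SL5 fields from a command line, or None if absent."""
    m = SL5_RE.search(cmdline)
    if m is None:
        return None
    return Sl5(int(m.group(1), 16), int(m.group(2)), int(m.group(3)), m.group(4))


def is_inno_second_stage(image: str, cmdline: str) -> bool:
    """True when the process runs from is-XXXXX.tmp\\ and carries a parseable /SL5."""
    return INNO_TMP_DIR_RE.search(image) is not None and parse_sl5(cmdline) is not None


def sl5_points_to(cmdline: str, installer_image: str) -> bool:
    """True when the /SL5 source path ties the child back to the given installer."""
    sl5 = parse_sl5(cmdline)
    return sl5 is not None and sl5.source_exe.lower() == installer_image.lower()


def unique_dropped(entries: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group dropped-file paths by SHA-256 so path spellings of one file collapse."""
    by_hash: Dict[str, List[str]] = {}
    for path, sha256 in entries:
        if re.fullmatch(r"[0-9a-f]{64}", sha256) is None:
            raise ValueError(f"malformed SHA-256 for {path}: {sha256!r}")
        by_hash.setdefault(sha256, []).append(path)
    return by_hash


if __name__ == "__main__":
    print(parse_sl5(CHILD_CMDLINE))
    print("child is Inno second stage:", is_inno_second_stage(CHILD_IMAGE, CHILD_CMDLINE))
    print("child tied to parent:", sl5_points_to(CHILD_CMDLINE, PARENT_IMAGE))
    for digest, paths in unique_dropped(DROPPED).items():
        print(digest, paths)
```

Run on the values above, the parser recovers the handle 0x3015C, the two offsets 1569491 and 780800, and a source path equal to the parent image, so the child can be tied to the submitted installer by its own argument rather than only by PID. The Downloads section collapses from four entries to three distinct files.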
Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-1LM6O.tmp\city_racing_FVu1w-1.tmp
    MD5

    47fe613751fef2c83fda48877d90300f

    SHA1

    d950ebcbf8621baef45f21198ccc72c59a524e53

    SHA256

    e227f95b36462ac67f0241770d360c87669bd95777ef3bbc02ce0c48409da1a1

    SHA512

    c96e8c65808cb351308e9b2821108026dbd726637b0964c9f683c712d4b2be45526354adfb6c2de4c3dc019e9e2fbc3f0b57efe083d945900f67433956685f92

  • \Users\Admin\AppData\Local\Temp\is-1LM6O.tmp\city_racing_FVu1w-1.tmp
    MD5

    47fe613751fef2c83fda48877d90300f

    SHA1

    d950ebcbf8621baef45f21198ccc72c59a524e53

    SHA256

    e227f95b36462ac67f0241770d360c87669bd95777ef3bbc02ce0c48409da1a1

    SHA512

    c96e8c65808cb351308e9b2821108026dbd726637b0964c9f683c712d4b2be45526354adfb6c2de4c3dc019e9e2fbc3f0b57efe083d945900f67433956685f92

  • \Users\Admin\AppData\Local\Temp\is-COBPP.tmp\botva2.dll
    MD5

    67965a5957a61867d661f05ae1f4773e

    SHA1

    f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

    SHA256

    450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

    SHA512

    c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

  • \Users\Admin\AppData\Local\Temp\is-COBPP.tmp\zbShieldUtils.dll
    MD5

    8b03d5f13240d4395654ac0074a95728

    SHA1

    89d0f5039379fdda7719fa8b5ab3a46a92e3a064

    SHA256

    f88d2226bbac1b61dbc22c968721f4b9f961c0a6aa75d88f303649bc930007d6

    SHA512

    bb8e2d2c34e8c2d84c1c9579130b8dcded2fa90dbc6d2dc6f54c9114f13a32941571c57a25e16e42e4652eda52201ceb560ba5a726fce1f053613e51752d52a3

  • memory/1104-62-0x0000000000000000-mapping.dmp
  • memory/1104-66-0x00000000003E0000-0x00000000003E1000-memory.dmp
    Filesize

    4KB

  • memory/1972-59-0x0000000076A01000-0x0000000076A03000-memory.dmp
    Filesize

    8KB

  • memory/1972-60-0x0000000000400000-0x00000000004CC000-memory.dmp
    Filesize

    816KB