Overview

overview

10

Static

static

8

10c410851b...78.exe

windows7_x64

1

10c410851b...78.exe

windows10_x64

1

Bat-To-Exe...er-x64

linux_amd64

Bat-To-Exe...er-x64

linux_mipsel

Bat-To-Exe...er-x64

linux_mips

Bat-To-Exe...er-x86

linux_amd64

Bat-To-Exe...er-x86

linux_mipsel

Bat-To-Exe...er-x86

linux_mips

Bat-To-Exe...er.dmg

macos_amd64

1

Bat-To-Exe...64.exe

windows7_x64

3

Bat-To-Exe...64.exe

windows10_x64

1

Bat-To-Exe...86.exe

windows7_x64

3

Bat-To-Exe...86.exe

windows10_x64

1

25ac59efdf...c7.exe

windows7_x64

10

25ac59efdf...c7.exe

windows10_x64

8

3523671dc7...2a.exe

windows7_x64

8

3523671dc7...2a.exe

windows10_x64

8

4a32ef4d91...8a.exe

windows7_x64

8

4a32ef4d91...8a.exe

windows10_x64

8

6f081f8143...3b.exe

windows7_x64

8

6f081f8143...3b.exe

windows10_x64

8

79b2065107...61.exe

windows7_x64

8

79b2065107...61.exe

windows10_x64

8

baa54f7d1e...d8.exe

windows7_x64

8

baa54f7d1e...d8.exe

windows10_x64

8

Analysis

  • max time kernel
    123s
  • max time network
    127s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    25-10-2021 08:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6f081f814358d615469a82cab0569fbf3c98a3e152bcfb2a9dd348b2d881b93b.exe

  • Size

    3.9MB

  • MD5

    2eb84e2162837a70e8bdc6c24e8958c5

  • SHA1

    86a02a7b5a277df238fcea0af5c0294d8449c43e

  • SHA256

    6f081f814358d615469a82cab0569fbf3c98a3e152bcfb2a9dd348b2d881b93b

  • SHA512

    b49f6112cb55f947d88eb72bbdad1923f66589daafd218b49e9d0a4665b2aac4fae563f28f556d6b33bdbeba4542bfd87f9c45c968229892d08c54d8f2d06777

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6f081f814358d615469a82cab0569fbf3c98a3e152bcfb2a9dd348b2d881b93b.exe
    "C:\Users\Admin\AppData\Local\Temp\6f081f814358d615469a82cab0569fbf3c98a3e152bcfb2a9dd348b2d881b93b.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4008
    • C:\Users\Admin\AppData\Local\Temp\AD48.tmp\zeronet-downloader.exe
      "C:\Users\Admin\AppData\Local\Temp\AD48.tmp\zeronet-downloader.exe"
      2⤵
      • Executes dropped EXE
      PID:4060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\AD48.tmp\zeronet-downloader.exe
    MD5

    9e0722e16793b9e6ffd8b48f4033a236

    SHA1

    b76ebcc61e0d16a93feca87525966d0c4f571ec3

    SHA256

    b5782642408eb1aa19df1781e8de277e0f586f66632b3171069630651c11e988

    SHA512

    f12b277330eeac8e04d3d5b69b37c690897fc49c6586e4ec9c5aa412cd64c07fd9c4edfe6607d01fa49ec6efb3d594af6277555ce70cf0d970d1c29ef5f04bd9

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\AD48.tmp\zeronet-downloader.exe
    MD5

    9e0722e16793b9e6ffd8b48f4033a236

    SHA1

    b76ebcc61e0d16a93feca87525966d0c4f571ec3

    SHA256

    b5782642408eb1aa19df1781e8de277e0f586f66632b3171069630651c11e988

    SHA512

    f12b277330eeac8e04d3d5b69b37c690897fc49c6586e4ec9c5aa412cd64c07fd9c4edfe6607d01fa49ec6efb3d594af6277555ce70cf0d970d1c29ef5f04bd9

    Download Submit
  • memory/4060-116-0x0000000000000000-mapping.dmp
    Download