Overview

overview

10

Static

static

452e41c2ea...in.exe

windows7_x64

10

452e41c2ea...in.exe

windows10_x64

4

Analysis

  • max time kernel
    53s
  • max time network
    67s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    09-12-2021 07:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    452e41c2ea90d817a0a293c1a1b5f79e8e8f52ac9c74bf9c6e34a896de1408b6.bin.exe

  • Size

    3.3MB

  • MD5

    c46bfdcee95bb995c627283835c746e3

  • SHA1

    1d61f1843b9d0a2779c2d522fa6755b55627b4f1

  • SHA256

    452e41c2ea90d817a0a293c1a1b5f79e8e8f52ac9c74bf9c6e34a896de1408b6

  • SHA512

    844a0d01ef7a832f13e428df0a594ee61aaa9f1208edbdbcdb8aefbef4573104a776b3eb766a75680c78da829dda80d68a80a6426a01165869bb8b8e228105c2

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 3 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\452e41c2ea90d817a0a293c1a1b5f79e8e8f52ac9c74bf9c6e34a896de1408b6.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\452e41c2ea90d817a0a293c1a1b5f79e8e8f52ac9c74bf9c6e34a896de1408b6.bin.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2928
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c xcopy "C:\Users\Admin\AppData\Local\Temp\452e41c2ea90d817a0a293c1a1b5f79e8e8f52ac9c74bf9c6e34a896de1408b6.bin.exe" "%ProgramFiles%\Security\" /y /i /c /q
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2384
      • C:\Windows\SysWOW64\xcopy.exe
        xcopy "C:\Users\Admin\AppData\Local\Temp\452e41c2ea90d817a0a293c1a1b5f79e8e8f52ac9c74bf9c6e34a896de1408b6.bin.exe" "C:\Program Files (x86)\Security\" /y /i /c /q
        3⤵
        • Drops file in Program Files directory
        • Enumerates system info in registry
        PID:1220
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c schtasks /create /sc ONLOGON /tn "Security" /tr "%ProgramFiles%\Security\452e41c2ea90d817a0a293c1a1b5f79e8e8f52ac9c74bf9c6e34a896de1408b6.bin.exe" /it /f
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1552
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks /create /sc ONLOGON /tn "Security" /tr "C:\Program Files (x86)\Security\452e41c2ea90d817a0a293c1a1b5f79e8e8f52ac9c74bf9c6e34a896de1408b6.bin.exe" /it /f
        3⤵
        • Creates scheduled task(s)
        PID:3324
    • C:\Windows\SysWOW64\xwizard.exe
      C:\Windows\System32\xwizard.exe
      2⤵
        PID:1240

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1240-150-0x0000000002D20000-0x0000000002D23000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2928-133-0x00007FF908730000-0x00007FF90890B000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2928-119-0x0000000077570000-0x00000000776FE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2928-121-0x0000000003660000-0x00000000037EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2928-122-0x0000000003660000-0x00000000037EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2928-123-0x0000000003660000-0x00000000037EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2928-124-0x0000000003660000-0x00000000037EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2928-126-0x0000000003660000-0x00000000037EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2928-125-0x0000000003660000-0x00000000037EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2928-127-0x0000000003660000-0x00000000037EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2928-129-0x0000000003660000-0x00000000037EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2928-128-0x0000000003660000-0x00000000037EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2928-130-0x0000000003660000-0x00000000037EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2928-131-0x0000000003660000-0x00000000037EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2928-132-0x0000000003660000-0x00000000037EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2928-116-0x0000000001980000-0x0000000001981000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2928-120-0x0000000003660000-0x00000000037EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2928-117-0x0000000006DA0000-0x0000000006DA1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2928-118-0x0000000001990000-0x0000000001991000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2928-115-0x00000000015F0000-0x00000000015FB000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2928-139-0x000000000F530000-0x000000000F70B000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2928-138-0x000000000F530000-0x000000000F70B000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2928-140-0x000000000F530000-0x000000000F70B000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2928-141-0x000000000F530000-0x000000000F70B000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2928-142-0x000000000F530000-0x000000000F70B000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2928-143-0x000000000F530000-0x000000000F70B000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2928-144-0x000000000F530000-0x000000000F70B000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2928-146-0x000000000F530000-0x000000000F70B000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2928-147-0x000000000F530000-0x000000000F70B000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2928-148-0x000000000F530000-0x000000000F70B000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2928-145-0x000000000F530000-0x000000000F70B000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2928-149-0x000000000F530000-0x000000000F70B000-memory.dmp

      Filesize

      1.9MB

      Download