Analysis

  • max time kernel
    139s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220112
  • submitted
    01-02-2022 02:46

General

  • Target

    eebe22e7644673d7f6b79e14f132eebe035d1a48cf4fc679f6f166b9039028f3.exe

  • Size

    395KB

  • MD5

    a832b94e99ed832d88846fbe3a49fc1f

  • SHA1

    5c9e96626c3dcc266220ae9909298a4cf64a8d31

  • SHA256

    eebe22e7644673d7f6b79e14f132eebe035d1a48cf4fc679f6f166b9039028f3

  • SHA512

    d2170f5722e6539077165d3f86a521561be2276d40206e2aefeff8e7552b47b3d05f0809c9b051e4a192687afa6416ca7bc4aa7dd3c06887017f8423ae019c86
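The Python check below is added here as an example and is not part of the sandbox report. It recomputes the four digests listed above for an arbitrary byte string or a file on disk and reports which of them agree with the report, so that a file found on a host can be tied to (or ruled out from) this analysis. The hash values are copied from the General section; the function names and the `"abc"`-style test input are the editor's own assumptions.

```python
import hashlib
from pathlib import Path

# Digests copied from the report's "General" section.
REPORT_HASHES = {
    "md5": "a832b94e99ed832d88846fbe3a49fc1f",
    "sha1": "5c9e96626c3dcc266220ae9909298a4cf64a8d31",
    "sha256": "eebe22e7644673d7f6b79e14f132eebe035d1a48cf4fc679f6f166b9039028f3",
    "sha512": "d2170f5722e6539077165d3f86a521561be2276d40206e2aefeff8e7552b47b3d05f0809c9b051e4a192687afa6416ca7bc4aa7dd3c06887017f8423ae019c86",
}


def digests(data: bytes) -> dict:
    """Lowercase hex digest of `data` for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def match_report(data: bytes, report: dict = REPORT_HASHES) -> set:
    """Names of the algorithms whose digest of `data` equals the report's value.

    All four digests describe one file, so the result should be either the
    full set or empty; a partial match means one of the listed values was
    transcribed incorrectly and the others decide.
    """
    computed = digests(data)
    return {name for name, value in report.items() if computed[name] == value.lower()}


def verify_file(path: str, report: dict = REPORT_HASHES) -> bool:
    """True only if the file at `path` matches the report on every algorithm."""
    data = Path(path).read_bytes()
    return match_report(data, report) == set(report)


if __name__ == "__main__":
    # Usage: python check_sample.py <file> [<file> ...]   (script name is hypothetical)
    import sys

    for p in sys.argv[1:]:
        matched = sorted(match_report(Path(p).read_bytes()))
        print(p, "MATCH" if verify_file(p) else "no match", matched)
```

A file that does not match is not thereby unrelated: a repacked or recompiled build of the same family has different hashes, so a negative result only rules out this exact sample.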

Score
8/10

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs
  • Modifies data under HKEY_USERS 41 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eebe22e7644673d7f6b79e14f132eebe035d1a48cf4fc679f6f166b9039028f3.exe
    "C:\Users\Admin\AppData\Local\Temp\eebe22e7644673d7f6b79e14f132eebe035d1a48cf4fc679f6f166b9039028f3.exe"
    PID:3244
  • C:\Windows\System32\WaaSMedicAgent.exe
    C:\Windows\System32\WaaSMedicAgent.exe ac06ad66bce0a26b6f3b190e9e4dd1f1 mXXzQROENkiGuBKPD0WKJg.0.1.0.0.0
    • Modifies data under HKEY_USERS
    PID:1252
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k wusvcs -p
    PID:3500

Network

MITRE ATT&CK Enterprise v6