Overview

overview

6

Static

static

f65114752b...a5.exe

windows7_x64

6

f65114752b...a5.exe

windows10-2004_x64

4

Analysis

  • max time kernel
    141s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    13-02-2022 05:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f65114752b166174b94ea0ade20b09330f10f79a1d8f3c9106f7ea03075d26a5.exe

  • Size

    476KB

  • MD5

    0cf86ddb6e5ca2ae5be3c74de69ab646

  • SHA1

    227135aa5a53d53b044d19102cf91263f8317e02

  • SHA256

    f65114752b166174b94ea0ade20b09330f10f79a1d8f3c9106f7ea03075d26a5

  • SHA512

    6cb714e80b4e7d2e5c3bf227a1a92e0e275ed3e2e593efe94d7222e2cc73f2217c67edc4517a8dddf6ecf8b2737a57725fb8c8b73bca56e5f585fb11371c3b0d

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f65114752b166174b94ea0ade20b09330f10f79a1d8f3c9106f7ea03075d26a5.exe
    "C:\Users\Admin\AppData\Local\Temp\f65114752b166174b94ea0ade20b09330f10f79a1d8f3c9106f7ea03075d26a5.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1576

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1576-53-0x0000000076451000-0x0000000076453000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1576-54-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download