Analysis
- max time kernel: 4294183s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20220310-en
- submitted: 26-03-2022 14:35
Static task: static1
Behavioral task: behavioral1
  Sample: ead61d932684264a2ad44fbe097c7ad8639230c5dccb6db32a70610fbb936bb2.exe
  Resource: win7-20220310-en
Behavioral task: behavioral2
  Sample: ead61d932684264a2ad44fbe097c7ad8639230c5dccb6db32a70610fbb936bb2.exe
  Resource: win10v2004-en-20220113
General
- Target: ead61d932684264a2ad44fbe097c7ad8639230c5dccb6db32a70610fbb936bb2.exe
- Size: 935KB
- MD5: 310f175ef3484c2af64ec1582bbb6e8a
- SHA1: 9d8ad43605282a2fd58bd5f81891855b6d77ce1a
- SHA256: ead61d932684264a2ad44fbe097c7ad8639230c5dccb6db32a70610fbb936bb2
- SHA512: ce540df42c9fac4e6f2269781f3705e368c1fd807603e7e52303e437cbe691f5450518124e75ee3852173e63b01e3fd80cac595ee57fadd74436cc544e1587de
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  Process: ead61d932684264a2ad44fbe097c7ad8639230c5dccb6db32a70610fbb936bb2.tmp (PID 2044)
- Loads dropped DLL (1 IoC)
  Process: ead61d932684264a2ad44fbe097c7ad8639230c5dccb6db32a70610fbb936bb2.exe (PID 1808)
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  Process: ead61d932684264a2ad44fbe097c7ad8639230c5dccb6db32a70610fbb936bb2.tmp (PID 2044)
- Suspicious use of WriteProcessMemory (7 IoCs)
  Source: ead61d932684264a2ad44fbe097c7ad8639230c5dccb6db32a70610fbb936bb2.exe (PID 1808)
  Target: ead61d932684264a2ad44fbe097c7ad8639230c5dccb6db32a70610fbb936bb2.tmp (PID 2044)
  Events: 7, all from PID 1808 into PID 2044; no other process was written to.
Processes
1. C:\Users\Admin\AppData\Local\Temp\ead61d932684264a2ad44fbe097c7ad8639230c5dccb6db32a70610fbb936bb2.exe (PID 1808)
   Command line: "C:\Users\Admin\AppData\Local\Temp\ead61d932684264a2ad44fbe097c7ad8639230c5dccb6db32a70610fbb936bb2.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\is-U6CE4.tmp\ead61d932684264a2ad44fbe097c7ad8639230c5dccb6db32a70610fbb936bb2.tmp (PID 2044, child of PID 1808)
      Command line: "C:\Users\Admin\AppData\Local\Temp\is-U6CE4.tmp\ead61d932684264a2ad44fbe097c7ad8639230c5dccb6db32a70610fbb936bb2.tmp" /SL5="$6014E,703914,121344,C:\Users\Admin\AppData\Local\Temp\ead61d932684264a2ad44fbe097c7ad8639230c5dccb6db32a70610fbb936bb2.exe"
      - Executes dropped EXE
      - Suspicious behavior: GetForegroundWindowSpam

Reading the tree: the /SL5= argument and the is-XXXXX.tmp directory are the conventions of the Inno Setup loader (SetupLdr), which extracts the installer stub (the .tmp, named after the installer) into Temp and launches it with the loader's own window handle, two offsets into the loader image and the loader's path. The seven WriteProcessMemory events all go from the parent into the child it has just spawned, which is the pattern process creation itself produces; on their own they do not show injection into an unrelated process. Whatever the stub goes on to extract or execute is what needs inspection, and this report lists no further child processes.
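The following triage helper is an added example and is not part of the sandbox report: it decodes the child's /SL5= argument, checks that the stub sits in an is-XXXXX.tmp directory and carries the installer's name, and collapses the flattened WriteProcessMemory records into source/target edges so a reviewer can see at a glance whether any write left the parent/child pair. The layout of /SL5 ("$hwnd,offset0,offset1,loader path", offsets being byte offsets into the loader image) and the is-XXXXX.tmp naming are taken from Inno Setup's SetupLdr convention, not from the report; the command line and event text are copied from the report, everything else is constructed.

```python
"""Added triage helper: recognise an Inno Setup loader handoff in a sandbox process tree.

Assumptions (the report itself does not state them):
  * /SL5="$<hwnd hex>,<offset0>,<offset1>,<loader .exe path>" is the SetupLdr
    convention; offset0/offset1 are byte offsets into the loader image.
  * SetupLdr extracts the stub to <Temp>\\is-XXXXX.tmp\\<installer name>.tmp.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

SAMPLE = "ead61d932684264a2ad44fbe097c7ad8639230c5dccb6db32a70610fbb936bb2"
TEMP = r"C:\Users\Admin\AppData\Local\Temp"

# Child command line exactly as the report's process tree shows it.
CHILD_CMDLINE = (
    f'"{TEMP}\\is-U6CE4.tmp\\{SAMPLE}.tmp"'
    f' /SL5="$6014E,703914,121344,{TEMP}\\{SAMPLE}.exe"'
)

# The seven flattened WriteProcessMemory records from the Signatures section.
WPM_EVENTS = " ".join(
    [f"PID 1808 wrote to memory of 2044 1808 {SAMPLE}.exe {SAMPLE}.tmp"] * 7
)

SL5_RE = re.compile(
    r'/SL5="\$(?P<hwnd>[0-9A-Fa-f]+),(?P<off0>\d+),(?P<off1>\d+),(?P<loader>[^"]+)"'
)
# is-XXXXX.tmp directory created by SetupLdr (five alphanumerics), then the stub.
IS_TMP_RE = re.compile(r"\\is-[0-9A-Z]{5}\.tmp\\[^\\]+\.tmp$", re.IGNORECASE)
WPM_RE = re.compile(r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)")


@dataclass(frozen=True)
class InnoHandoff:
    hwnd: int         # loader's window handle, passed so the stub can reuse it
    offset0: int      # first SetupLdr offset-table value (assumed byte offset)
    offset1: int      # second SetupLdr offset-table value (assumed byte offset)
    loader_path: str  # the original installer .exe (PID 1808 in the report)
    stub_path: str    # the extracted .tmp that is now running (PID 2044)


def first_quoted_token(cmdline: str) -> str:
    """Image path of the process: the leading "..." token, else the first word."""
    if cmdline.startswith('"'):
        return cmdline[1:cmdline.index('"', 1)]
    return cmdline.split(None, 1)[0]


def parse_sl5(cmdline: str) -> Optional[InnoHandoff]:
    """Decode the /SL5 handoff; None if the command line does not carry one."""
    m = SL5_RE.search(cmdline)
    if m is None:
        return None
    return InnoHandoff(
        hwnd=int(m["hwnd"], 16),
        offset0=int(m["off0"]),
        offset1=int(m["off1"]),
        loader_path=m["loader"],
        stub_path=first_quoted_token(cmdline),
    )


def stub_in_inno_tempdir(stub_path: str) -> bool:
    """True when the stub lives in ...\\is-XXXXX.tmp\\<name>.tmp."""
    return IS_TMP_RE.search(stub_path) is not None


def same_stem(loader_path: str, stub_path: str) -> bool:
    """SetupLdr names the stub <installer name>.tmp; check the two stems agree."""
    def stem(path: str) -> str:
        return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return stem(loader_path) == stem(stub_path)


def count_wpm_edges(events: str) -> Dict[Tuple[int, int], int]:
    """Collapse flattened 'PID a wrote to memory of b' records into (a, b) -> count."""
    return dict(Counter((int(m["src"]), int(m["dst"])) for m in WPM_RE.finditer(events)))


def triage(cmdline: str, wpm_events: str, parent_pid: int, child_pid: int) -> dict:
    """Is this a plain Inno Setup handoff, and did every write stay parent -> child?"""
    handoff = parse_sl5(cmdline)
    edges = count_wpm_edges(wpm_events)
    inno = (
        handoff is not None
        and stub_in_inno_tempdir(handoff.stub_path)
        and same_stem(handoff.loader_path, handoff.stub_path)
    )
    # Any edge other than parent -> child means a third process was written to.
    only_handoff_writes = bool(edges) and set(edges) == {(parent_pid, child_pid)}
    return {
        "inno_loader": inno,
        "handoff": handoff,
        "wpm_edges": edges,
        "writes_only_parent_to_child": only_handoff_writes,
    }


if __name__ == "__main__":
    result = triage(CHILD_CMDLINE, WPM_EVENTS, parent_pid=1808, child_pid=2044)
    h = result["handoff"]
    print(f"Inno Setup loader handoff: {result['inno_loader']}")
    print(f"  hwnd=0x{h.hwnd:X} offset0={h.offset0} offset1={h.offset1}")
    print(f"  stub:   {h.stub_path}")
    print(f"  loader: {h.loader_path}")
    print(f"  WriteProcessMemory edges: {result['wpm_edges']}")
    print(f"  only parent->child writes: {result['writes_only_parent_to_child']}")
```

Run against this report, `triage` reports the handoff as an Inno Setup loader pattern with the single edge (1808, 2044) seen seven times. A tree where the same parent also wrote into another PID, or where the stub sat outside an is-XXXXX.tmp directory or carried a different name, would fail the corresponding check and deserve a manual look.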
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\is-U6CE4.tmp\ead61d932684264a2ad44fbe097c7ad8639230c5dccb6db32a70610fbb936bb2.tmp
  Filesize: 764KB
  MD5: 1e9d5ac6275b5f89d66f491e671d5e0b
  SHA1: bf1bc56d35f0464364037687c6f1674af05c1246
  SHA256: 6c0057363fd6c9d7be8370b1319457b877f9d4321fb458ee15fee5556f92eb87
  SHA512: 73f40d88d81f0e8876d6cd8653176f9dd5e5db9b41c08c8c4cfb7ac42d48ecdcdf5cd332d5e16a75beaeb34599fd09b03390a8e18d4de8aac802cb8586c23783
- \Users\Admin\AppData\Local\Temp\is-U6CE4.tmp\ead61d932684264a2ad44fbe097c7ad8639230c5dccb6db32a70610fbb936bb2.tmp (same file, recorded without the drive letter)
  Filesize: 764KB
  MD5: 1e9d5ac6275b5f89d66f491e671d5e0b
  SHA1: bf1bc56d35f0464364037687c6f1674af05c1246
  SHA256: 6c0057363fd6c9d7be8370b1319457b877f9d4321fb458ee15fee5556f92eb87
  SHA512: 73f40d88d81f0e8876d6cd8653176f9dd5e5db9b41c08c8c4cfb7ac42d48ecdcdf5cd332d5e16a75beaeb34599fd09b03390a8e18d4de8aac802cb8586c23783
- memory/1808-54-0x00000000760A1000-0x00000000760A3000-memory.dmp
  Filesize: 8KB
- memory/1808-55-0x0000000000400000-0x0000000000425000-memory.dmp
  Filesize: 148KB
- memory/1808-61-0x0000000000400000-0x0000000000425000-memory.dmp
  Filesize: 148KB
- memory/2044-58-0x0000000000000000-mapping.dmp