Overview

overview

7

Static

static

3

0ba84c861f...06.exe

windows7_x64

7

0ba84c861f...06.exe

windows10-2004_x64

7

Analysis

  • max time kernel
    41s
  • max time network
    53s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    12-05-2022 12:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0ba84c861f272847794a2bc7fc23bd169a6be5981d6e5fa9bf5b344d8e6c9706.exe

  • Size

    9.4MB

  • MD5

    f8eee8ea0e3bb80c9f73c9ca0dca5b06

  • SHA1

    f79053377abf6224737840ed06787510ef3944dd

  • SHA256

    0ba84c861f272847794a2bc7fc23bd169a6be5981d6e5fa9bf5b344d8e6c9706

  • SHA512

    cdc4c37fed2a0b1c8fcfc01ee5152558639a4d6d7d0ee0c9504e1dc2040ac9c2512e9e9f79b0e1353a2abc9e4a1e4281a068a50c21d2795caf00f866b341fea6

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ba84c861f272847794a2bc7fc23bd169a6be5981d6e5fa9bf5b344d8e6c9706.exe
    "C:\Users\Admin\AppData\Local\Temp\0ba84c861f272847794a2bc7fc23bd169a6be5981d6e5fa9bf5b344d8e6c9706.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1752
    • C:\Users\Admin\AppData\Local\Temp\0ba84c861f272847794a2bc7fc23bd169a6be5981d6e5fa9bf5b344d8e6c9706.exe
      "C:\Users\Admin\AppData\Local\Temp\0ba84c861f272847794a2bc7fc23bd169a6be5981d6e5fa9bf5b344d8e6c9706.exe"
      2⤵
      • Loads dropped DLL
      PID:1952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI17522\python39.dll
    Filesize

    4.3MB

    MD5

    13aa61cb47495239ce52671385c41a00

    SHA1

    5ef559a30335b4de9cfa0054c53767c406f0a78f

    SHA256

    713246bc3c0b2ffb7e7b285654e10b63b5f48ccab031275cf7edaf0276c73de8

    SHA512

    ff847ac7fa85b72d9f6f796c7406069173d9ed60d84e18cefd8d9b956f87bab901953891e90b93679d68b5740917da194b448e24738d1a9ab2cda02b2d1333cc

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\_MEI17522\token_grabber.exe.manifest
    Filesize

    1KB

    MD5

    658926a076c4b4d1c0291a8ebf6556f6

    SHA1

    bcfb8ae685f5ab0359941f07dc2551d403818f34

    SHA256

    39cbf2c23558b456cd011507b2f0780463d41b6a7502cc24940b12350009c4c5

    SHA512

    d7e83670a0c5d6e0e75ac07b270772b7572b88fe8cee9a20f3c241ebafa9574bf789f267ead92fa216fca75b8bd6e736e5ddd27dbd088a1a0370d5084d865fa7

    Download Submit
  • \Users\Admin\AppData\Local\Temp\_MEI17522\python39.dll
    Filesize

    4.3MB

    MD5

    13aa61cb47495239ce52671385c41a00

    SHA1

    5ef559a30335b4de9cfa0054c53767c406f0a78f

    SHA256

    713246bc3c0b2ffb7e7b285654e10b63b5f48ccab031275cf7edaf0276c73de8

    SHA512

    ff847ac7fa85b72d9f6f796c7406069173d9ed60d84e18cefd8d9b956f87bab901953891e90b93679d68b5740917da194b448e24738d1a9ab2cda02b2d1333cc

    Download Submit
  • memory/1952-54-0x0000000000000000-mapping.dmp
    Download