Overview

overview

8

Static

static

f593967ee6...1a.exe

windows7_x64

8

f593967ee6...1a.exe

windows10-2004_x64

8

Analysis

  • max time kernel
    186s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    16-05-2022 11:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f593967ee685669377a3890dac409d06c741d75978d3bb646b37e3bdad23361a.exe

  • Size

    740KB

  • MD5

    356ffed6c9fba266c5c6055de86c6eb8

  • SHA1

    d7fa14b3ac053012ff02cc37c268d3906e09aa20

  • SHA256

    f593967ee685669377a3890dac409d06c741d75978d3bb646b37e3bdad23361a

  • SHA512

    9db6be41410522f7e4b89b9aa1ba0f006fa1bca152746469dccb69e71c44f2b71adb5c1bf06d57e2de4e528fa9f773aced27da4b8ed550ca288730c5a954523c

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f593967ee685669377a3890dac409d06c741d75978d3bb646b37e3bdad23361a.exe
    "C:\Users\Admin\AppData\Local\Temp\f593967ee685669377a3890dac409d06c741d75978d3bb646b37e3bdad23361a.exe"
    1⤵
    • Loads dropped DLL
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:932
    • C:\Users\Admin\AppData\Roaming\sgbns\expleo.exe
      "C:\Users\Admin\AppData\Roaming\sgbns\expleo.exe"
      2⤵
      • Executes dropped EXE
      PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\sgbns\expleo.exe
    Filesize

    740KB

    MD5

    356ffed6c9fba266c5c6055de86c6eb8

    SHA1

    d7fa14b3ac053012ff02cc37c268d3906e09aa20

    SHA256

    f593967ee685669377a3890dac409d06c741d75978d3bb646b37e3bdad23361a

    SHA512

    9db6be41410522f7e4b89b9aa1ba0f006fa1bca152746469dccb69e71c44f2b71adb5c1bf06d57e2de4e528fa9f773aced27da4b8ed550ca288730c5a954523c

    Download Submit
  • \Users\Admin\AppData\Roaming\sgbns\expleo.exe
    Filesize

    740KB

    MD5

    356ffed6c9fba266c5c6055de86c6eb8

    SHA1

    d7fa14b3ac053012ff02cc37c268d3906e09aa20

    SHA256

    f593967ee685669377a3890dac409d06c741d75978d3bb646b37e3bdad23361a

    SHA512

    9db6be41410522f7e4b89b9aa1ba0f006fa1bca152746469dccb69e71c44f2b71adb5c1bf06d57e2de4e528fa9f773aced27da4b8ed550ca288730c5a954523c

    Download Submit
  • \Users\Admin\AppData\Roaming\sgbns\expleo.exe
    Filesize

    740KB

    MD5

    356ffed6c9fba266c5c6055de86c6eb8

    SHA1

    d7fa14b3ac053012ff02cc37c268d3906e09aa20

    SHA256

    f593967ee685669377a3890dac409d06c741d75978d3bb646b37e3bdad23361a

    SHA512

    9db6be41410522f7e4b89b9aa1ba0f006fa1bca152746469dccb69e71c44f2b71adb5c1bf06d57e2de4e528fa9f773aced27da4b8ed550ca288730c5a954523c

    Download Submit
  • memory/932-54-0x00000000755C1000-0x00000000755C3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/932-59-0x0000000000400000-0x00000000004BF000-memory.dmp
    Filesize

    764KB

    Download
  • memory/1724-57-0x0000000000000000-mapping.dmp
    Download