Overview

overview

10

Static

static

c45e01b4a0...16.exe

windows7_x64

10

c45e01b4a0...16.exe

windows10-2004_x64

8

Analysis

  • max time kernel
    154s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    21-05-2022 04:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c45e01b4a06640be506fafb3ea3daaa648f2f728e152b1896ba920a902c90d16.exe

  • Size

    245KB

  • MD5

    44bcd26f9a5bdffaec1458ae3ac05e5d

  • SHA1

    5f2ac141932304ca6fd4252d19b54b7ac0769252

  • SHA256

    c45e01b4a06640be506fafb3ea3daaa648f2f728e152b1896ba920a902c90d16

  • SHA512

    a6dade5b186371af34db8fce5d278895b4cf3f10f7fe0617ab01315cb67efeca2d20425c24689078ff7e1aefd63a3f11b24ca39ea89d928c1e3bd6f34dc4e115

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c45e01b4a06640be506fafb3ea3daaa648f2f728e152b1896ba920a902c90d16.exe
    "C:\Users\Admin\AppData\Local\Temp\c45e01b4a06640be506fafb3ea3daaa648f2f728e152b1896ba920a902c90d16.exe"
    1⤵
      PID:4780
    • C:\Windows\system32\cmd.exe
      cmd.exe / c "start "" /b "cmd.exe" /c "copy /y "C:\Users\Admin\AppData\Local\Temp\c45e01b4a06640be506fafb3ea3daaa648f2f728e152b1896ba920a902c90d16.exe" "C:\Users\Admin\AppData\Local\Temp\tnqrptas.exe"&&start "" /b "C:\Users\Admin\AppData\Local\Temp\tnqrptas.exe" -z {A56D60AD-D192-4CFB-8A74-FB4198DF6DC8}&&exit 0""
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2280
      • C:\Users\Admin\AppData\Local\Temp\tnqrptas.exe
        "C:\Users\Admin\AppData\Local\Temp\tnqrptas.exe" -z {A56D60AD-D192-4CFB-8A74-FB4198DF6DC8}
        2⤵
        • Executes dropped EXE
        PID:4856

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\tnqrptas.exe
      Filesize

      245KB

      MD5

      44bcd26f9a5bdffaec1458ae3ac05e5d

      SHA1

      5f2ac141932304ca6fd4252d19b54b7ac0769252

      SHA256

      c45e01b4a06640be506fafb3ea3daaa648f2f728e152b1896ba920a902c90d16

      SHA512

      a6dade5b186371af34db8fce5d278895b4cf3f10f7fe0617ab01315cb67efeca2d20425c24689078ff7e1aefd63a3f11b24ca39ea89d928c1e3bd6f34dc4e115

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\tnqrptas.exe
      Filesize

      245KB

      MD5

      44bcd26f9a5bdffaec1458ae3ac05e5d

      SHA1

      5f2ac141932304ca6fd4252d19b54b7ac0769252

      SHA256

      c45e01b4a06640be506fafb3ea3daaa648f2f728e152b1896ba920a902c90d16

      SHA512

      a6dade5b186371af34db8fce5d278895b4cf3f10f7fe0617ab01315cb67efeca2d20425c24689078ff7e1aefd63a3f11b24ca39ea89d928c1e3bd6f34dc4e115

      Download Submit
    • memory/4780-130-0x00000000004D0000-0x00000000004F7000-memory.dmp
      Filesize

      156KB

      Download
    • memory/4780-134-0x0000000180000000-0x000000018002A000-memory.dmp
      Filesize

      168KB

      Download
    • memory/4780-135-0x00000000001D0000-0x00000000001F4000-memory.dmp
      Filesize

      144KB

      Download
    • memory/4780-136-0x0000000180000000-0x000000018002A000-memory.dmp
      Filesize

      168KB

      Download
    • memory/4856-137-0x0000000000000000-mapping.dmp
      Download
    • memory/4856-145-0x0000000180000000-0x000000018002A000-memory.dmp
      Filesize

      168KB

      Download