Analysis
- max time kernel: 86s
- max time network: 126s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 21-05-2022 18:47
Static task
static1
Behavioral task
behavioral1
Sample
Urgent Inquiry___289812.exe
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Urgent Inquiry___289812.exe
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
- Target: Urgent Inquiry___289812.exe
- Size: 568KB
- MD5: 7777daa2b9545090156a898d5131521c
- SHA1: f3657d37012ca0daae9e4287568b68c1b2220a60
- SHA256: cb1f5aab744ba7964f5a04e4e7b606843b1914346594ebfc36d95d7296936d2e
- SHA512: 4a4fdc1ab7ce776fd97abd0e43f646fc093bfaaa3eb0660bf9a22cc0321d67d2b95eccf6bd64591eaafedffcbd9ec7e021ecb50f90f6fcfe271f9fbfdf2f2271
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
Urgent Inquiry___289812.exe

| description | ioc | process |
| --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Xaon = "C:\\Users\\Admin\\AppData\\Local\\Xaon.url" | Urgent Inquiry___289812.exe |

-
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.
Processes:
| description | flow | ioc |
| --- | --- | --- |
| HTTP User-Agent header | 46 | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) |

-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
Urgent Inquiry___289812.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 4344 wrote to memory of 4168 | 4344 | Urgent Inquiry___289812.exe | ieinstal.exe |
| PID 4344 wrote to memory of 4168 | 4344 | Urgent Inquiry___289812.exe | ieinstal.exe |
| PID 4344 wrote to memory of 4168 | 4344 | Urgent Inquiry___289812.exe | ieinstal.exe |
Processes
-
C:\Users\Admin\AppData\Local\Temp\Urgent Inquiry___289812.exe "C:\Users\Admin\AppData\Local\Temp\Urgent Inquiry___289812.exe" 1
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\internet explorer\ieinstal.exe "C:\Program Files (x86)\internet explorer\ieinstal.exe" 2