611479c78035c912dd69e3cfdadbf74649bb1fce6241b7573cfb0c7a2fc2fb2f | Triage

Analysis

max time kernel
151s
max time network
133s
platform
windows7_x64
resource
win7-20220414-en
submitted
22-05-2022 05:44

Sharing

Report Analysis Logs

General

Target

Service.exe
Size

385KB
MD5

45abb1bedf83daf1f2ebbac86e2fa151
SHA1

7d9ccba675478ab65707a28fd277a189450fc477
SHA256

611479c78035c912dd69e3cfdadbf74649bb1fce6241b7573cfb0c7a2fc2fb2f
SHA512

6bf1f7e0800a90666206206c026eadfc7f3d71764d088e2da9ca60bf5a63de92bd90515342e936d02060e1d5f7c92ddec8b0bcc85adfd8a8f4df29bd6f12c25c

Score

10^/10

suricata

Malware Config

Signatures

suricata: ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin M2
suricata: ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin M2
suricata
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

11 ipinfo.io

Drops file in Program Files directory 2 IoCs

Processes:

Service.exe

description	ioc	process
File created	C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe	Service.exe
File opened for modification	C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe	Service.exe

C:\Users\Admin\AppData\Local\Temp\Service.exe
"C:\Users\Admin\AppData\Local\Temp\Service.exe"
1⤵
- Drops file in Program Files directory
PID:1272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1272-54-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download