Overview

overview

10

Static

static

cdbc70a5bc...c6.exe

windows7_x64

8

cdbc70a5bc...c6.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    5s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    24-05-2022 13:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cdbc70a5bce6d5c7c10882f2d84d899385fe2833b40dba200917926c66ff34c6.exe

  • Size

    3.8MB

  • MD5

    4a000400f17b48589a88c179e6a1d77b

  • SHA1

    2d589c7e3787c5390d453813422f5f12b8dda608

  • SHA256

    cdbc70a5bce6d5c7c10882f2d84d899385fe2833b40dba200917926c66ff34c6

  • SHA512

    60b5efa71e7b7c610ca8d5584ac587659a5bd1109f8a972ab43e7f1ca98a4a10d70d47b243988c3a38cbe42b01dea5ebd702ac7ff0ca7636cf9a99086b192cbc

Score
8/10
evasion

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\cdbc70a5bce6d5c7c10882f2d84d899385fe2833b40dba200917926c66ff34c6.exe
    "C:\Users\Admin\AppData\Local\Temp\cdbc70a5bce6d5c7c10882f2d84d899385fe2833b40dba200917926c66ff34c6.exe"
    1⤵
      PID:1720
      • C:\Users\Admin\AppData\Local\Temp\cdbc70a5bce6d5c7c10882f2d84d899385fe2833b40dba200917926c66ff34c6.exe
        "C:\Users\Admin\AppData\Local\Temp\cdbc70a5bce6d5c7c10882f2d84d899385fe2833b40dba200917926c66ff34c6.exe"
        2⤵
          PID:1056
          • C:\Windows\system32\cmd.exe
            C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
            3⤵
              PID:336
              • C:\Windows\system32\netsh.exe
                netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
                4⤵
                  PID:1984
          • C:\Windows\system32\makecab.exe
            "C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20220524154518.log C:\Windows\Logs\CBS\CbsPersist_20220524154518.cab
            1⤵
              PID:1040

            Network

            MITRE ATT&CK Matrix ATT&CK v6

            Initial Access

            Execution

            Persistence

            Modify Existing Service

            1
            T1031

            Privilege Escalation

            Defense Evasion

            Credential Access

            Discovery

            Lateral Movement

            Collection

            Exfiltration

            Command and Control

            Impact

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/336-61-0x0000000000000000-mapping.dmp
              Download
            • memory/1056-58-0x0000000002230000-0x00000000025D6000-memory.dmp
              Filesize

              3.6MB

              Download
            • memory/1056-59-0x0000000002230000-0x00000000025D6000-memory.dmp
              Filesize

              3.6MB

              Download
            • memory/1056-60-0x0000000000400000-0x0000000001E38000-memory.dmp
              Filesize

              26.2MB

              Download
            • memory/1720-54-0x0000000002190000-0x0000000002536000-memory.dmp
              Filesize

              3.6MB

              Download
            • memory/1720-55-0x0000000002190000-0x0000000002536000-memory.dmp
              Filesize

              3.6MB

              Download
            • memory/1720-56-0x0000000002540000-0x0000000002C35000-memory.dmp
              Filesize

              7.0MB

              Download
            • memory/1720-57-0x0000000000400000-0x0000000001E38000-memory.dmp
              Filesize

              26.2MB

              Download
            • memory/1984-62-0x0000000000000000-mapping.dmp
              Download