Analysis
- max time kernel: 6s
- max time network: 98s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 24-05-2022 15:31
Static task: static1
Behavioral task: behavioral1
  Sample: e275434786c74dc8e568e156d6e7de940c5c3e93ddd6180f175ac691bd6a85c2.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: e275434786c74dc8e568e156d6e7de940c5c3e93ddd6180f175ac691bd6a85c2.exe
  Resource: win10v2004-20220414-en
General
- Target: e275434786c74dc8e568e156d6e7de940c5c3e93ddd6180f175ac691bd6a85c2.exe
- Size: 1.3MB
- MD5: e94789d1b75d6520283673c75aabddb2
- SHA1: 6b34ff2a184980cd36ed962b24610201ce2e9708
- SHA256: e275434786c74dc8e568e156d6e7de940c5c3e93ddd6180f175ac691bd6a85c2
- SHA512: b48f690de562ba2115de6b38868aaece4ccf9b9fdd2934120d5211bdc969291d38e5bbdb0817d8a579853d05feac7096119f27fd297044ab3a9fc83f0f77e6de
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  Processes:
    PID 2752  downloader.exe
- Gathers system information (1 TTP, 1 IoC)
  Runs systeminfo.exe.
- Suspicious use of WriteProcessMemory (12 IoCs)
  Processes (source PID, source process -> target PID, target process):
    3244  e275434786c74dc8e568e156d6e7de940c5c3e93ddd6180f175ac691bd6a85c2.exe -> 2752  downloader.exe
    3244  e275434786c74dc8e568e156d6e7de940c5c3e93ddd6180f175ac691bd6a85c2.exe -> 2752  downloader.exe
    3244  e275434786c74dc8e568e156d6e7de940c5c3e93ddd6180f175ac691bd6a85c2.exe -> 2752  downloader.exe
    2752  downloader.exe -> 3412  cmd.exe
    2752  downloader.exe -> 3412  cmd.exe
    2752  downloader.exe -> 3412  cmd.exe
    3412  cmd.exe -> 4160  systeminfo.exe
    3412  cmd.exe -> 4160  systeminfo.exe
    3412  cmd.exe -> 4160  systeminfo.exe
    3412  cmd.exe -> 4172  findstr.exe
    3412  cmd.exe -> 4172  findstr.exe
    3412  cmd.exe -> 4172  findstr.exe
Processes
- [depth 1] C:\Users\Admin\AppData\Local\Temp\e275434786c74dc8e568e156d6e7de940c5c3e93ddd6180f175ac691bd6a85c2.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\e275434786c74dc8e568e156d6e7de940c5c3e93ddd6180f175ac691bd6a85c2.exe"
  - Suspicious use of WriteProcessMemory
  - [depth 2] C:\Users\Admin\AppData\Local\Temp\7zS82E.tmp\downloader.exe
    Command line: .\downloader.exe %%S
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
- [depth 1] C:\Windows\SysWOW64\findstr.exe
  Command line: findstr /c:"Model:" /c:"Host Name" /c:"OS Name"
- [depth 1] C:\Windows\SysWOW64\systeminfo.exe
  Command line: systeminfo
  - Gathers system information
- [depth 1] C:\Windows\SysWOW64\cmd.exe
  Command line: /k systeminfo | findstr /c:"Model:" /c:"Host Name" /c:"OS Name"
  - Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- C:\Users\Admin\AppData\Local\Temp\7zS82E.tmp\downloader.exe
  Filesize: 80KB
  MD5: 643e7f332dd244b700f1b64ce7111845
  SHA1: 3dd18032ba2229fcf1256545c6e5bfc0b7c1d5eb
  SHA256: 82212db014f6074d17a55291e5913fb8229b4d0aca56e99a2dc8aab1772d4c42
  SHA512: 3735183f72e40fd7ca066c64000f379be30183e3a5a0ad0850ba17267b8aa931c0dc5e291612628469e0219d1cf5536b5c059601674d89d177efcde211b6182c
- C:\Users\Admin\AppData\Local\Temp\7zS82E.tmp\downloader.exe
  Filesize: 88KB
  MD5: a070a8c095ddb751173ae73cb1cb6b23
  SHA1: 2c0fbb5aabd51332f8c7c89369558f69978cf0e4
  SHA256: 715f1ffeab188b6f6e0fc0f857b3a4dbff3752a2b3cb04a6721b8c2b188b9840
  SHA512: 9a8e47740cb68112628f49dbdb7ccdb131717ff5e41b3b19a205565889e22e83d8e1ce2f5c6b8ae9bd088b08b0bbc23ec3c39d05a1ffebbffcdfdaa658e03b08
Memory dumps
- memory/2752-130-0x0000000000000000-mapping.dmp
- memory/3412-133-0x0000000000000000-mapping.dmp
- memory/4160-134-0x0000000000000000-mapping.dmp
- memory/4172-135-0x0000000000000000-mapping.dmp