Overview

overview

8

Static

static

84e2fe66f9...f0.exe

windows7_x64

8

84e2fe66f9...f0.exe

windows10-2004_x64

Analysis

  • max time kernel
    122s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    24-05-2022 19:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    84e2fe66f9b37b9969358e66f3a290d5027d60a17fe3b0122cc13abb17eab5f0.exe

  • Size

    717KB

  • MD5

    273c7a9d3e159add52e5550dd66f1a45

  • SHA1

    db2d210c1e356528dc9c0abfdba8f8851aaa920e

  • SHA256

    84e2fe66f9b37b9969358e66f3a290d5027d60a17fe3b0122cc13abb17eab5f0

  • SHA512

    29cc47a8cd39a61029ba622799ea58d9de5b5e0b8484bbd642aef62d5e8f3db7b8125cb8d45919b01c0398334bd0b25ce93ff18a2771e43d08549747f2cfd327

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\84e2fe66f9b37b9969358e66f3a290d5027d60a17fe3b0122cc13abb17eab5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\84e2fe66f9b37b9969358e66f3a290d5027d60a17fe3b0122cc13abb17eab5f0.exe"
    1⤵
    • Loads dropped DLL
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\Users\Admin\AppData\Roaming\sgbns\expleo.exe
      "C:\Users\Admin\AppData\Roaming\sgbns\expleo.exe"
      2⤵
      • Executes dropped EXE
      PID:1392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\sgbns\expleo.exe
    Filesize

    717KB

    MD5

    273c7a9d3e159add52e5550dd66f1a45

    SHA1

    db2d210c1e356528dc9c0abfdba8f8851aaa920e

    SHA256

    84e2fe66f9b37b9969358e66f3a290d5027d60a17fe3b0122cc13abb17eab5f0

    SHA512

    29cc47a8cd39a61029ba622799ea58d9de5b5e0b8484bbd642aef62d5e8f3db7b8125cb8d45919b01c0398334bd0b25ce93ff18a2771e43d08549747f2cfd327

    Download Submit
  • \Users\Admin\AppData\Roaming\sgbns\expleo.exe
    Filesize

    717KB

    MD5

    273c7a9d3e159add52e5550dd66f1a45

    SHA1

    db2d210c1e356528dc9c0abfdba8f8851aaa920e

    SHA256

    84e2fe66f9b37b9969358e66f3a290d5027d60a17fe3b0122cc13abb17eab5f0

    SHA512

    29cc47a8cd39a61029ba622799ea58d9de5b5e0b8484bbd642aef62d5e8f3db7b8125cb8d45919b01c0398334bd0b25ce93ff18a2771e43d08549747f2cfd327

    Download Submit
  • \Users\Admin\AppData\Roaming\sgbns\expleo.exe
    Filesize

    717KB

    MD5

    273c7a9d3e159add52e5550dd66f1a45

    SHA1

    db2d210c1e356528dc9c0abfdba8f8851aaa920e

    SHA256

    84e2fe66f9b37b9969358e66f3a290d5027d60a17fe3b0122cc13abb17eab5f0

    SHA512

    29cc47a8cd39a61029ba622799ea58d9de5b5e0b8484bbd642aef62d5e8f3db7b8125cb8d45919b01c0398334bd0b25ce93ff18a2771e43d08549747f2cfd327

    Download Submit
  • memory/1392-57-0x0000000000000000-mapping.dmp
    Download
  • memory/1464-54-0x00000000754A1000-0x00000000754A3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1464-58-0x0000000000400000-0x00000000004B9000-memory.dmp
    Filesize

    740KB

    Download