Overview

overview

10

Static

static

056b7eb0c0...69.exe

windows7_x64

10

056b7eb0c0...69.exe

windows10-2004_x64

8

Analysis

  • max time kernel
    147s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    27-05-2022 17:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    056b7eb0c06645e1f51ed77f4fa18a4bed47135108371a84f0482f141ae0d769.exe

  • Size

    149KB

  • MD5

    44a81be517e01ab33abdba541a239b6e

  • SHA1

    2890c3be34e4189fe0a11b4e60ff2b3203fcdd2a

  • SHA256

    056b7eb0c06645e1f51ed77f4fa18a4bed47135108371a84f0482f141ae0d769

  • SHA512

    3361688b857d7e5db7fb5c9606a8e17c1487fb7e6dda9ed69d3c6c89ed94c51abb7e935971d35884bd71a8a55cc1bf436ea28997d404b50f91921895438515a0

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs
    evasiontrojan
  • Windows security bypass 2 TTPs
    evasiontrojan
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Windows security modification 2 TTPs 7 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\056b7eb0c06645e1f51ed77f4fa18a4bed47135108371a84f0482f141ae0d769.exe
    "C:\Users\Admin\AppData\Local\Temp\056b7eb0c06645e1f51ed77f4fa18a4bed47135108371a84f0482f141ae0d769.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1948
    • C:\Windows\495060393034060\winsvcs.exe
      C:\Windows\495060393034060\winsvcs.exe
      2⤵
      • Executes dropped EXE
      • Windows security modification
      PID:1936

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\495060393034060\winsvcs.exe
    Filesize

    149KB

    MD5

    44a81be517e01ab33abdba541a239b6e

    SHA1

    2890c3be34e4189fe0a11b4e60ff2b3203fcdd2a

    SHA256

    056b7eb0c06645e1f51ed77f4fa18a4bed47135108371a84f0482f141ae0d769

    SHA512

    3361688b857d7e5db7fb5c9606a8e17c1487fb7e6dda9ed69d3c6c89ed94c51abb7e935971d35884bd71a8a55cc1bf436ea28997d404b50f91921895438515a0

    Download Submit

  • \Windows\495060393034060\winsvcs.exe
    Filesize

    149KB

    MD5

    44a81be517e01ab33abdba541a239b6e

    SHA1

    2890c3be34e4189fe0a11b4e60ff2b3203fcdd2a

    SHA256

    056b7eb0c06645e1f51ed77f4fa18a4bed47135108371a84f0482f141ae0d769

    SHA512

    3361688b857d7e5db7fb5c9606a8e17c1487fb7e6dda9ed69d3c6c89ed94c51abb7e935971d35884bd71a8a55cc1bf436ea28997d404b50f91921895438515a0

    Download Submit

  • \Windows\495060393034060\winsvcs.exe
    Filesize

    149KB

    MD5

    44a81be517e01ab33abdba541a239b6e

    SHA1

    2890c3be34e4189fe0a11b4e60ff2b3203fcdd2a

    SHA256

    056b7eb0c06645e1f51ed77f4fa18a4bed47135108371a84f0482f141ae0d769

    SHA512

    3361688b857d7e5db7fb5c9606a8e17c1487fb7e6dda9ed69d3c6c89ed94c51abb7e935971d35884bd71a8a55cc1bf436ea28997d404b50f91921895438515a0

    Download Submit

  • memory/1936-60-0x0000000000000000-mapping.dmp

    Download

  • memory/1936-62-0x00000000002F3000-0x00000000002F9000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1936-64-0x00000000002F3000-0x00000000002F9000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1936-65-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1936-66-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1948-54-0x00000000002D4000-0x00000000002D9000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1948-55-0x0000000076721000-0x0000000076723000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1948-56-0x00000000002D4000-0x00000000002D9000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1948-57-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download