Overview

overview

7

Static

static

251d43cb56...53.exe

windows7_x64

7

251d43cb56...53.exe

windows10-2004_x64

5

Analysis

  • max time kernel
    67s
  • max time network
    59s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    11-06-2022 20:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    251d43cb566daff217cf009beb982b097dde00b67e2d4d2637f5379a6b264253.exe

  • Size

    1.4MB

  • MD5

    0cff6c361737377f9eefb9d42a8040ef

  • SHA1

    d9062f7e2d60be35b942793ebc12833b4b5e35c5

  • SHA256

    251d43cb566daff217cf009beb982b097dde00b67e2d4d2637f5379a6b264253

  • SHA512

    e8e584d4a3d36336436714bd392e2e3228526467fd77d22f2219ba3169fcfb06d1d526f8a57d37153d53f564e5fbd2a2aefbe2ef7ba1c4242162bff5930162c4

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\251d43cb566daff217cf009beb982b097dde00b67e2d4d2637f5379a6b264253.exe
    "C:\Users\Admin\AppData\Local\Temp\251d43cb566daff217cf009beb982b097dde00b67e2d4d2637f5379a6b264253.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Users\Admin\AppData\Local\Temp\251d43cb566daff217cf009beb982b097dde00b67e2d4d2637f5379a6b264253.exe
      C:\Users\Admin\AppData\Local\Temp\251d43cb566daff217cf009beb982b097dde00b67e2d4d2637f5379a6b264253.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2000
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Roaming\558GJD~1.BAT"
        3⤵
        • Deletes itself
        PID:1364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\558gjdAtywVbej.bat
    Filesize

    201B

    MD5

    8094cf68a43aa14d10602f6a152ad0b4

    SHA1

    554b5f71d35e357f5142d55a95fcd53a4faa6ad1

    SHA256

    ed0535af2d1480402f60b7a47ed25f46553ecab5036806e45161bfa35f7c3578

    SHA512

    762d9ae2335db978f65149980fa6388ae30386646b22c0e8f50effb6b802b48e321b487b05fbe36422185728f01025c6db17139d227331f29592ca2feeafab17

    Download Submit

  • memory/1364-74-0x0000000000000000-mapping.dmp

    Download

  • memory/2000-73-0x0000000000400000-0x000000000055F000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2000-68-0x00000000004C8FF1-mapping.dmp

    Download

  • memory/2000-55-0x00000000001B0000-0x00000000002AA000-memory.dmp

    Filesize

    1000KB

    Download

  • memory/2000-61-0x0000000000400000-0x0000000001400000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2000-63-0x0000000000400000-0x0000000001400000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2000-65-0x0000000000400000-0x0000000001400000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2000-67-0x0000000000400000-0x0000000001400000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2000-58-0x0000000000400000-0x0000000001400000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2000-71-0x0000000000400000-0x0000000001400000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2000-72-0x0000000000400000-0x000000000055F000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2000-75-0x0000000000400000-0x000000000055F000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2000-57-0x0000000000400000-0x0000000001400000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2024-54-0x0000000076011000-0x0000000076013000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2024-60-0x0000000000360000-0x0000000000364000-memory.dmp

    Filesize

    16KB

    Download