Overview

overview

10

Static

static

5754f46f30...f4.exe

windows7-x64

10

5754f46f30...f4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220721-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-07-2022 23:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5754f46f3074606adde9039539ef43f03e72017018a25f476fe2674a97a6f3f4.exe

  • Size

    221KB

  • MD5

    86dafa0262bf217f5344a3b057c0db06

  • SHA1

    ff02f3f2808cffeeb1e524fc872edbb7016bf628

  • SHA256

    5754f46f3074606adde9039539ef43f03e72017018a25f476fe2674a97a6f3f4

  • SHA512

    1816acbea1c65dedf494dda5dd0fbd106a50d0aea0c493f88f342d0332d1b4b92c4722cab7874704d116568f447be2745d5b63fdfbd2d56b70266d427d4cac01

Score
10/10
suricata

Malware Config

Signatures

  • suricata: ET MALWARE Generic - POST To .php w/Extended ASCII Characters

    suricata: ET MALWARE Generic - POST To .php w/Extended ASCII Characters

    suricata
  • suricata: ET MALWARE Ransomware Locky CnC Beacon 2

    suricata: ET MALWARE Ransomware Locky CnC Beacon 2

    suricata
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5754f46f3074606adde9039539ef43f03e72017018a25f476fe2674a97a6f3f4.exe
    "C:\Users\Admin\AppData\Local\Temp\5754f46f3074606adde9039539ef43f03e72017018a25f476fe2674a97a6f3f4.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\5754f46f3074606adde9039539ef43f03e72017018a25f476fe2674a97a6f3f4.exe"
      2⤵
        PID:2868

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2060-130-0x0000000000400000-0x000000000044C000-memory.dmp
      Filesize

      304KB

      Download
    • memory/2060-132-0x0000000000400000-0x000000000044C000-memory.dmp
      Filesize

      304KB

      Download
    • memory/2060-133-0x0000000000610000-0x0000000000631000-memory.dmp
      Filesize

      132KB

      Download
    • memory/2060-134-0x0000000000610000-0x0000000000631000-memory.dmp
      Filesize

      132KB

      Download
    • memory/2060-136-0x0000000000610000-0x0000000000631000-memory.dmp
      Filesize

      132KB

      Download
    • memory/2868-135-0x0000000000000000-mapping.dmp
      Download