Overview

overview

10

Static

static

8

5eed016d16...39.exe

windows7-x64

10

5eed016d16...39.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    61s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220721-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-07-2022 15:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5eed016d16ed7abb1ee84e19da014d366e2de316a8e938dc318c22fa33ae1939.exe

  • Size

    1.1MB

  • MD5

    a166cf965631b35753a21c0753ba6636

  • SHA1

    8bbe0fd326a908e8cef75cb1cfdaf23e7c60bc46

  • SHA256

    5eed016d16ed7abb1ee84e19da014d366e2de316a8e938dc318c22fa33ae1939

  • SHA512

    a6626353c1335fc894c1a345176eeb779f161b20832fb2ba75a04fc66672127289a1dba407c7ea45d9b4bab0030dbeb5f18d888dd5a2da1f7ffeedc15adcbeb1

Score
8/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5eed016d16ed7abb1ee84e19da014d366e2de316a8e938dc318c22fa33ae1939.exe
    "C:\Users\Admin\AppData\Local\Temp\5eed016d16ed7abb1ee84e19da014d366e2de316a8e938dc318c22fa33ae1939.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:576
    • C:\Users\Admin\AppData\Local\TVoood.exe
      C:\Users\Admin\AppData\Local\TVoood.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:824
      • C:\Windows\SysWOW64\wsmprovhost.exe
        wsmprovhost.exe
        3⤵
        • Adds Run key to start application
        PID:2628
        • C:\Windows\SysWOW64\wsmprovhost.exe
          "C:\Windows\SysWOW64\wsmprovhost.exe"
          4⤵
            PID:3728

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Ass.bmp
      Filesize

      773KB

      MD5

      23203ba1782a28c8f4484a409344be06

      SHA1

      402c48a6b12c4009115190fcfbd00081a3af3128

      SHA256

      02e4da182cbb41f59c5cb5c9e2a9ba4262ef305e052207928e8fca5d16d0b549

      SHA512

      b774fe55c8258d00be92a3ae177771fe6ed58db039e29f07e1f78e63f3dbf79146764fc9ec6cff30b4a6f3b4473a786e1d9367a0d2ddec5356e028e9d2f08f70

      Download Submit

    • C:\Users\Admin\AppData\Local\TVoood.exe
      Filesize

      445KB

      MD5

      36d93f874f3758a6e5b3de260679f24b

      SHA1

      9251c3134f569363331dc70db6c74a0f0413c4ba

      SHA256

      81b980813969b6f3334331f80194db92088f144ffd0f0c74294a7a92b8e6b8a9

      SHA512

      350d86e842a951762a9f086d775be7cf61a62ac6a04851b16cb5544f148aa9d0c70c1fb1c15ed723b9908d015ea3990081303107e42b460884f8839e58954c18

      Download Submit

    • C:\Users\Admin\AppData\Local\TVoood.exe
      Filesize

      445KB

      MD5

      36d93f874f3758a6e5b3de260679f24b

      SHA1

      9251c3134f569363331dc70db6c74a0f0413c4ba

      SHA256

      81b980813969b6f3334331f80194db92088f144ffd0f0c74294a7a92b8e6b8a9

      SHA512

      350d86e842a951762a9f086d775be7cf61a62ac6a04851b16cb5544f148aa9d0c70c1fb1c15ed723b9908d015ea3990081303107e42b460884f8839e58954c18

      Download Submit

    • memory/576-130-0x0000000000400000-0x000000000063C000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/576-131-0x0000000000400000-0x000000000063C000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/576-135-0x0000000000400000-0x000000000063C000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/824-132-0x0000000000000000-mapping.dmp

      Download

    • memory/824-139-0x0000000010410000-0x00000000104B8000-memory.dmp

      Filesize

      672KB

      Download

    • memory/2628-138-0x0000000000000000-mapping.dmp

      Download

    • memory/2628-146-0x0000000010410000-0x00000000104B8000-memory.dmp

      Filesize

      672KB

      Download

    • memory/2628-148-0x0000000010410000-0x00000000104B8000-memory.dmp

      Filesize

      672KB

      Download

    • memory/3728-147-0x0000000000000000-mapping.dmp

      Download