Overview

overview

10

Static

static

58363e9ab3...5a.exe

windows7-x64

10

58363e9ab3...5a.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    138s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20220715-en
  • resource tags

    arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
  • submitted
    24-07-2022 16:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    58363e9ab3803c8debf35e5050a57f54609fd34b87d63ffaec6b05b9d3b1915a.exe

  • Size

    231KB

  • MD5

    8c99d446769b0f52231e4fde237ac018

  • SHA1

    6392b3ea50b8533922b8afc6bc94a5194b165575

  • SHA256

    58363e9ab3803c8debf35e5050a57f54609fd34b87d63ffaec6b05b9d3b1915a

  • SHA512

    24b894a48653ca68713f87982c823cab53599f8cfb8fd1d7ce8555ae9c9383203aba55502afbc42137230b49c9cc2d634321ccb61a00e4b244c75bd4996c48a5

Score
10/10
suricata

Malware Config

Signatures

  • suricata: ET MALWARE Generic - POST To .php w/Extended ASCII Characters

    suricata: ET MALWARE Generic - POST To .php w/Extended ASCII Characters

    suricata
  • suricata: ET MALWARE Ransomware Locky CnC Beacon 2

    suricata: ET MALWARE Ransomware Locky CnC Beacon 2

    suricata
  • suricata: ET MALWARE Win32/Necurs Common POST Header Structure

    suricata: ET MALWARE Win32/Necurs Common POST Header Structure

    suricata
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\58363e9ab3803c8debf35e5050a57f54609fd34b87d63ffaec6b05b9d3b1915a.exe
    "C:\Users\Admin\AppData\Local\Temp\58363e9ab3803c8debf35e5050a57f54609fd34b87d63ffaec6b05b9d3b1915a.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:112
    • C:\Users\Admin\AppData\Local\Temp\58363e9ab3803c8debf35e5050a57f54609fd34b87d63ffaec6b05b9d3b1915a.exe
      "C:\Users\Admin\AppData\Local\Temp\58363e9ab3803c8debf35e5050a57f54609fd34b87d63ffaec6b05b9d3b1915a.exe"
      2⤵
        PID:940
      • C:\Users\Admin\AppData\Local\Temp\58363e9ab3803c8debf35e5050a57f54609fd34b87d63ffaec6b05b9d3b1915a.exe
        "C:\Users\Admin\AppData\Local\Temp\58363e9ab3803c8debf35e5050a57f54609fd34b87d63ffaec6b05b9d3b1915a.exe"
        2⤵
          PID:1972

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/112-54-0x00000000768C1000-0x00000000768C3000-memory.dmp
        Filesize

        8KB

        Download
      • memory/1972-55-0x0000000000400000-0x0000000000421000-memory.dmp
        Filesize

        132KB

        Download
      • memory/1972-56-0x0000000000400000-0x0000000000421000-memory.dmp
        Filesize

        132KB

        Download
      • memory/1972-58-0x0000000000400000-0x0000000000421000-memory.dmp
        Filesize

        132KB

        Download
      • memory/1972-60-0x0000000000400000-0x0000000000421000-memory.dmp
        Filesize

        132KB

        Download
      • memory/1972-61-0x0000000000400000-0x0000000000421000-memory.dmp
        Filesize

        132KB

        Download
      • memory/1972-63-0x0000000000400000-0x0000000000421000-memory.dmp
        Filesize

        132KB

        Download
      • memory/1972-64-0x0000000000400000-0x0000000000421000-memory.dmp
        Filesize

        132KB

        Download
      • memory/1972-65-0x000000000040530F-mapping.dmp
        Download
      • memory/1972-68-0x0000000000400000-0x0000000000421000-memory.dmp
        Filesize

        132KB

        Download
      • memory/1972-69-0x0000000000400000-0x0000000000421000-memory.dmp
        Filesize

        132KB

        Download
      • memory/1972-70-0x0000000000260000-0x0000000000281000-memory.dmp
        Filesize

        132KB

        Download