0b813e6f4d5cc9d2898fd9045f577d0f5e750dd960408abf3894b447033143e2

Resubmissions

25-07-2022 23:14

220725-271bhsfcb9 8

25-07-2022 23:11

220725-26apgafca6 8

Analysis

max time kernel
449s
max time network
466s
platform
windows10-2004_x64
resource
win10v2004-20220722-en
resource tags

arch:x64arch:x86image:win10v2004-20220722-enlocale:en-usos:windows10-2004-x64system
submitted
25-07-2022 23:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

s3browser-10-3-1.exe
Size

5.4MB
MD5

a80429d570de461572b85a371edd6c9b
SHA1

4372672a614a7c2ef26971f79c4e1daf357f5903
SHA256

0b813e6f4d5cc9d2898fd9045f577d0f5e750dd960408abf3894b447033143e2
SHA512

f38b02515a22b0aa9262c96b20dd8c70cc212699856b32dd018f8cb4f44e6ab0fb46a147e428f0c1374f6f8a908f787df9c553250b87ded552d92722cacbdf0a

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

s3browser-10-3-1.tmps3browser-win32.exe

pid process

1272 s3browser-10-3-1.tmp
2920 s3browser-win32.exe

pid	process
1272	s3browser-10-3-1.tmp
2920	s3browser-win32.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

s3browser-10-3-1.exes3browser-10-3-1.tmp

description	pid	process	target process
PID 536 wrote to memory of 1272	536	s3browser-10-3-1.exe	s3browser-10-3-1.tmp
PID 536 wrote to memory of 1272	536	s3browser-10-3-1.exe	s3browser-10-3-1.tmp
PID 536 wrote to memory of 1272	536	s3browser-10-3-1.exe	s3browser-10-3-1.tmp
PID 1272 wrote to memory of 2920	1272	s3browser-10-3-1.tmp	s3browser-win32.exe
PID 1272 wrote to memory of 2920	1272	s3browser-10-3-1.tmp	s3browser-win32.exe

C:\Users\Admin\AppData\Local\Temp\s3browser-10-3-1.exe
"C:\Users\Admin\AppData\Local\Temp\s3browser-10-3-1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:536

C:\Users\Admin\AppData\Local\Temp\is-17DEU.tmp\s3browser-10-3-1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-17DEU.tmp\s3browser-10-3-1.tmp" /SL5="$C0066,4787185,831488,C:\Users\Admin\AppData\Local\Temp\s3browser-10-3-1.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1272

C:\Users\Admin\AppData\Local\Temp\is-CPRAV.tmp\s3browser-win32.exe
"C:\Users\Admin\AppData\Local\Temp\is-CPRAV.tmp\s3browser-win32.exe" iko C:\Users\Admin\AppData\Local\Temp\is-CPRAV.tmp\Xf7eae1c5435f4405a0cea8cf7f79d058
3⤵
- Executes dropped EXE
PID:2920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-17DEU.tmp\s3browser-10-3-1.tmp
Filesize
3.0MB

MD5
a73b51c3bee773b0db64dfa52432fcc0

SHA1
d2d12a4b37156873e02e9981d9c9e45a8916ed6e

SHA256
75bff91d9b19195c5e1b528e7e117c2060d2ffd83f27464a1e6f54036181d676

SHA512
aaad6011b9ab3c92d9bbf9194eff664c00ea17fcbb25b60579c210f8aaa0cfd3f0b8158cf5a25ebccf97f9b615d0f291f450ec450e3539ca2046acf849070c32

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CPRAV.tmp\s3browser-win32.exe
Filesize
4.6MB

MD5
918ea07cb7e3fe155bee8c25c20c3411

SHA1
44f0013a48b9626d87b63e7eff4771926b6695d3

SHA256
b13da11583c1c6362dda82bafefd864b47355fe6f67c5441784bc5f0682be7da

SHA512
27bd06414723a64f82eb3a57e85fd6659ad96784f2e883da6730e63d6c4c3e1d4064d32cfb886ad85ecade78858196856c3a6582ed430defa5540a11082d7911

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CPRAV.tmp\s3browser-win32.exe
Filesize
4.6MB

MD5
918ea07cb7e3fe155bee8c25c20c3411

SHA1
44f0013a48b9626d87b63e7eff4771926b6695d3

SHA256
b13da11583c1c6362dda82bafefd864b47355fe6f67c5441784bc5f0682be7da

SHA512
27bd06414723a64f82eb3a57e85fd6659ad96784f2e883da6730e63d6c4c3e1d4064d32cfb886ad85ecade78858196856c3a6582ed430defa5540a11082d7911

Download Submit
memory/536-132-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/536-134-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/536-137-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1272-135-0x0000000000000000-mapping.dmp

Download
memory/2920-138-0x0000000000000000-mapping.dmp

Download
memory/2920-141-0x0000000000C90000-0x0000000001122000-memory.dmp

Filesize
4.6MB

Download
memory/2920-142-0x00007FFFB22D0000-0x00007FFFB2D91000-memory.dmp

Filesize
10.8MB

Download
memory/2920-143-0x000000001CE80000-0x000000001D042000-memory.dmp

Filesize
1.8MB

Download
memory/2920-144-0x00007FFFB22D0000-0x00007FFFB2D91000-memory.dmp

Filesize
10.8MB

Download