Analysis
max time kernel: 138s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20220721-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-07-2022 04:30
Behavioral task: behavioral1
Sample: ae6dd2dcb0dc781d599acd25d1273f2ffe8420479ceebf58f5b8af86db9bc70a.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: ae6dd2dcb0dc781d599acd25d1273f2ffe8420479ceebf58f5b8af86db9bc70a.exe
Resource: win10v2004-20220721-en
General
Target: ae6dd2dcb0dc781d599acd25d1273f2ffe8420479ceebf58f5b8af86db9bc70a.exe
Size: 6.9MB
MD5: 3ff807c1b6c883fa9b1761bc1cc92912
SHA1: 5e19eb1722cac026aaee4e61da7e0efb22e9c4a4
SHA256: ae6dd2dcb0dc781d599acd25d1273f2ffe8420479ceebf58f5b8af86db9bc70a
SHA512: e029ba348829ddf573c36cf9d11415a2b49af4c6fe12c9563515cd8362fd7b5892982c5f473d9087f552cfd424c489d1a6890782187d0509c8574a5370e0d5eb
Malware Config
Signatures

Drops startup file (2 IoCs)
Processes:
  description                  | ioc                                                                                        | process
  File created                 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe | cmd.exe
  File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchostsw.exe | cmd.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                      | pid  | process                                                                  | target process
  PID 1576 wrote to memory of 4496 | 1576 | ae6dd2dcb0dc781d599acd25d1273f2ffe8420479ceebf58f5b8af86db9bc70a.exe | cmd.exe
  PID 1576 wrote to memory of 4496 | 1576 | ae6dd2dcb0dc781d599acd25d1273f2ffe8420479ceebf58f5b8af86db9bc70a.exe | cmd.exe
  PID 1576 wrote to memory of 4496 | 1576 | ae6dd2dcb0dc781d599acd25d1273f2ffe8420479ceebf58f5b8af86db9bc70a.exe | cmd.exe
Processes
C:\Users\Admin\AppData\Local\Temp\ae6dd2dcb0dc781d599acd25d1273f2ffe8420479ceebf58f5b8af86db9bc70a.exe  (PID 1576)
  command line: "C:\Users\Admin\AppData\Local\Temp\ae6dd2dcb0dc781d599acd25d1273f2ffe8420479ceebf58f5b8af86db9bc70a.exe"
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\cmd.exe  (PID 4496)
      command line: cmd /Q /C C:\Users\Admin\AppData\Local\Temp/s.bat
      - Drops startup file
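The process tree above is the whole story of this run: the sample (PID 1576) spawns a 32-bit cmd.exe (SysWOW64, consistent with the arch:x86 tag) with `/Q /C` to run a batch file it dropped in Temp, and that batch file copies svchostsw.exe into the per-user Startup folder. The WriteProcessMemory signature fires on the parent writing into the child it just created (all three IoCs are 1576 to 4496), which a plain CreateProcess spawn also produces, so it is weak on its own; the command line and the Startup-folder write are the useful detection points. The following is an added example, not part of the sandbox report or of any product: Python detection logic for those two behaviours run over constructed Sysmon-style events. The PIDs, paths and command lines are taken from this report; the event field names, the explorer.exe parent (PID 900) and the two benign control events are assumptions made for the example.

```python
"""
Detection logic for the two behaviours this report records, run over
constructed Sysmon-style events (added example; not sandbox output):

  1. cmd.exe started with /Q /C to run a .bat out of the user's Temp folder
     (PID 4496, spawned by the sample, PID 1576);
  2. cmd.exe creating an executable in the per-user Startup folder
     (svchostsw.exe, the "Drops startup file" signature).

PIDs, paths and command lines are copied from the report. The event field
names, the explorer.exe parent (PID 900) and the two benign control events
are assumptions made for this example.
"""
from dataclasses import dataclass, field
from typing import List, Optional

SAMPLE_EXE = "ae6dd2dcb0dc781d599acd25d1273f2ffe8420479ceebf58f5b8af86db9bc70a.exe"
TEMP_DIR = "C:\\Users\\Admin\\AppData\\Local\\Temp"
STARTUP_DIR = "\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\"

# Constructed events: process_create ~ Sysmon Event ID 1, file_create ~ Event ID 11.
EVENTS = [
    {"event": "process_create", "pid": 900, "ppid": 0,
     "image": "C:\\Windows\\explorer.exe", "cmdline": "explorer.exe"},
    {"event": "process_create", "pid": 1576, "ppid": 900,
     "image": TEMP_DIR + "\\" + SAMPLE_EXE,
     "cmdline": '"' + TEMP_DIR + "\\" + SAMPLE_EXE + '"'},
    {"event": "process_create", "pid": 4496, "ppid": 1576,
     "image": "C:\\Windows\\SysWOW64\\cmd.exe",
     # the forward slash before s.bat is exactly as recorded in the report
     "cmdline": "cmd /Q /C " + TEMP_DIR + "/s.bat"},
    {"event": "file_create", "pid": 4496, "image": "C:\\Windows\\SysWOW64\\cmd.exe",
     "target": "C:\\Users\\Admin" + STARTUP_DIR + "svchostsw.exe"},
    # benign controls: an interactive cmd.exe, and an installer dropping a shortcut
    {"event": "process_create", "pid": 5100, "ppid": 900,
     "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe"},
    {"event": "file_create", "pid": 5200, "image": "C:\\Program Files\\Vendor\\installer.exe",
     "target": "C:\\Users\\Admin" + STARTUP_DIR + "Vendor Agent.lnk"},
]

PAYLOAD_EXT = (".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js", ".ps1")
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}


@dataclass
class Finding:
    rule: str
    severity: str
    pid: int
    detail: str
    chain: List[str] = field(default_factory=list)  # process ancestry, child first


def ancestry(events, pid) -> List[str]:
    """Follow ppid links through process_create events; stops at an unknown parent."""
    by_pid = {e["pid"]: e for e in events if e["event"] == "process_create"}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid]["image"].rsplit("\\", 1)[-1])
        pid = by_pid[pid]["ppid"]
    return chain


def temp_batch_rule(ev, events) -> Optional[Finding]:
    """cmd.exe /Q /C running a .bat or .cmd from the user's Local\\Temp folder:
    quiet one-shot execution of a dropped script, as the sample does with s.bat."""
    if ev["event"] != "process_create" or not ev["image"].lower().endswith("\\cmd.exe"):
        return None
    tokens = ev["cmdline"].split()
    switches = {t.lower() for t in tokens[1:] if t.startswith("/")}
    if not {"/q", "/c"} <= switches:
        return None
    # normalise separators so Temp/s.bat and Temp\s.bat match alike
    scripts = [t.replace("/", "\\").lower() for t in tokens
               if t.lower().endswith((".bat", ".cmd"))]
    if not any("\\appdata\\local\\temp\\" in s for s in scripts):
        return None
    return Finding("cmd_quiet_temp_batch", "medium", ev["pid"], ev["cmdline"],
                   ancestry(events, ev["pid"]))


def startup_drop_rule(ev, events) -> Optional[Finding]:
    """Any write into the per-user Startup folder; high severity when a shell or
    script host writes an executable payload rather than, say, a .lnk."""
    if ev["event"] != "file_create" or STARTUP_DIR.lower() not in ev["target"].lower():
        return None
    writer = ev["image"].rsplit("\\", 1)[-1].lower()
    is_payload = ev["target"].lower().endswith(PAYLOAD_EXT)
    severity = "high" if writer in SHELLS and is_payload else "info"
    return Finding("startup_folder_write", severity, ev["pid"], ev["target"],
                   ancestry(events, ev["pid"]))


def run_rules(events) -> List[Finding]:
    findings = []
    for ev in events:
        for rule in (temp_batch_rule, startup_drop_rule):
            hit = rule(ev, events)
            if hit is not None:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in run_rules(EVENTS):
        print(f"[{f.severity}] {f.rule} pid={f.pid} {f.detail}")
        print("    chain:", " <- ".join(f.chain) or "(unknown)")
```

Against the constructed events this yields three findings: the quiet batch launch by PID 4496, the high-severity svchostsw.exe drop by the same cmd.exe with the ancestry cmd.exe <- sample <- explorer.exe, and an informational hit for the installer's .lnk. Keying the Startup rule on writer plus extension rather than on the path alone is what keeps legitimate installers from paging anyone, while still catching a shell writing an .exe as seen here.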
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\s.bat
Filesize: 323B
MD5: bc8864d35caba8d3fa4cda31016d406d
SHA1: cd3cde62cbfd92ebde9b37ab8cb0139170cefe02
SHA256: 6f7d7f2718f0ce24cdb23118d3f407052d8511f4a1ce1ea8d9fe0caa7cadd93b
SHA512: 91ef338f22641671bc5a00575bfe5bc0b3fe26e0f71f839a50fb758d4b53534196b37877f0e095c240a7266a7cf00f834855a4a00768dc87f5f9ead6048f6b4c

memory/1576-130-0x0000000000400000-0x0000000000AE4000-memory.dmp
Filesize: 6.9MB

memory/1576-133-0x0000000000400000-0x0000000000AE4000-memory.dmp
Filesize: 6.9MB

memory/4496-131-0x0000000000000000-mapping.dmp