Overview

overview

10

Static

static

10

6c4609a665...34.exe

windows7-x64

6

6c4609a665...34.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    144s
  • max time network
    103s
  • platform
    windows7_x64
  • resource
    win7-20220715-en
  • resource tags

    arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
  • submitted
    31-07-2022 07:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6c4609a6655bac0b7a06c570772fbd6d2ef0e8c02ef38e35c10f17c7a245b734.exe

  • Size

    114KB

  • MD5

    d13f27532e3763fdc015616ba5388c4a

  • SHA1

    19bab590540b23a2bcaf9533df8e566ec9512640

  • SHA256

    6c4609a6655bac0b7a06c570772fbd6d2ef0e8c02ef38e35c10f17c7a245b734

  • SHA512

    b9d598187a29341f64bb612c6e8a350a7a8e496f303c5e026ba75d49b991dfcf977d217aa1477650f86e23ad48e6c18b5c03f63e193fdad8df70230d9ef46cd3

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Modifies data under HKEY_USERS 42 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6c4609a6655bac0b7a06c570772fbd6d2ef0e8c02ef38e35c10f17c7a245b734.exe
    "C:\Users\Admin\AppData\Local\Temp\6c4609a6655bac0b7a06c570772fbd6d2ef0e8c02ef38e35c10f17c7a245b734.exe"
    1⤵
      PID:1904
    • C:\Windows\system32\taskeng.exe
      taskeng.exe {2BE4A707-9C3B-4904-97A7-B357AED5EC01} S-1-5-18:NT AUTHORITY\System:Service:
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2020
      • C:\Users\Admin\AppData\Local\Temp\6c4609a6655bac0b7a06c570772fbd6d2ef0e8c02ef38e35c10f17c7a245b734.exe
        C:\Users\Admin\AppData\Local\Temp\6c4609a6655bac0b7a06c570772fbd6d2ef0e8c02ef38e35c10f17c7a245b734.exe
        2⤵
        • Modifies data under HKEY_USERS
        PID:1592
      • C:\Users\Admin\AppData\Local\Temp\6c4609a6655bac0b7a06c570772fbd6d2ef0e8c02ef38e35c10f17c7a245b734.exe
        C:\Users\Admin\AppData\Local\Temp\6c4609a6655bac0b7a06c570772fbd6d2ef0e8c02ef38e35c10f17c7a245b734.exe
        2⤵
          PID:468

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/468-55-0x0000000000000000-mapping.dmp
        Download
      • memory/1592-54-0x0000000000000000-mapping.dmp
        Download