Overview

overview

10

Static

static

10

ab.exe

windows7-x64

8

ab.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    75s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220721-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-08-2022 06:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ab.exe

  • Size

    72KB

  • MD5

    415fc1be896297c3c13b8ae8af296a5c

  • SHA1

    5fd71d1eb01ad2e533d3bbc6add262ae5c229867

  • SHA256

    53329cf65ee57bcde6de7e97c077174ada19a8cea82fbc152e4cce9115424f6f

  • SHA512

    079872f3584c5902c5846762d9680233b49e89fc29301779a5ebbb3a506a8f22a113b15b77e1722bd5bc90a5478befed55195f65eb05e97dee5d5cb7422f1eef

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab.exe
    "C:\Users\Admin\AppData\Local\Temp\ab.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:656
    • C:\Users\Admin\AppData\Local\Temp\rund11.exe
      rund11.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1380
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c pause
        3⤵
          PID:1472

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\rund11.exe
      Filesize

      11KB

      MD5

      f770263b748a51f6616116b420cea17a

      SHA1

      8381399950b0f3c38e49694c53c346e3fc26e2ad

      SHA256

      27d7a48dc76632406b83dc9a6d63696740d0d5513b615c6bcc42cc3db6d9645b

      SHA512

      3d1dfebf8492564fdf0084172a44f4be65d17d7d6834e1c4bc22f657d29de64b73d41ad94d81c77481b4bc015f94f6594498f71ff95c643b143856c5beb7731d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\rund11.exe
      Filesize

      11KB

      MD5

      f770263b748a51f6616116b420cea17a

      SHA1

      8381399950b0f3c38e49694c53c346e3fc26e2ad

      SHA256

      27d7a48dc76632406b83dc9a6d63696740d0d5513b615c6bcc42cc3db6d9645b

      SHA512

      3d1dfebf8492564fdf0084172a44f4be65d17d7d6834e1c4bc22f657d29de64b73d41ad94d81c77481b4bc015f94f6594498f71ff95c643b143856c5beb7731d

      Download Submit

    • memory/1380-131-0x0000000000000000-mapping.dmp

      Download

    • memory/1472-134-0x0000000000000000-mapping.dmp

      Download