eb0bcb89ebf94adea17d15469688bdabeff6f290a81ce69c69fe36bb1f072232

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
12-09-2022 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

teraterm-4.106.exe
Size

12.2MB
MD5

ac4dcff1798d7b3821fea4eead81a7f2
SHA1

e356eb72902093799231df58312d6305b09b47be
SHA256

eb0bcb89ebf94adea17d15469688bdabeff6f290a81ce69c69fe36bb1f072232
SHA512

7fd1b73cbe3352aaa906f73707a903908896203d161a50f4113883c44d9ce59633d7ec709f734f997f2fab8e65709efa5e64cb2e2db6066e2e0084683d5150de
SSDEEP

393216:MJvYvTr9Pl+Ny+Fpu/fRV9mtPWaSbm/HXl:z9Pl+NFFpUfRwPWaSbs1

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

teraterm-4.106.tmp

pid process

1712 teraterm-4.106.tmp
Loads dropped DLL 2 IoCs

Processes:

teraterm-4.106.exeteraterm-4.106.tmp

pid process

360 teraterm-4.106.exe
1712 teraterm-4.106.tmp

pid	process
1712	teraterm-4.106.tmp

pid	process
360	teraterm-4.106.exe
1712	teraterm-4.106.tmp

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

teraterm-4.106.exe

description	pid	process	target process
PID 360 wrote to memory of 1712	360	teraterm-4.106.exe	teraterm-4.106.tmp
PID 360 wrote to memory of 1712	360	teraterm-4.106.exe	teraterm-4.106.tmp
PID 360 wrote to memory of 1712	360	teraterm-4.106.exe	teraterm-4.106.tmp
PID 360 wrote to memory of 1712	360	teraterm-4.106.exe	teraterm-4.106.tmp
PID 360 wrote to memory of 1712	360	teraterm-4.106.exe	teraterm-4.106.tmp
PID 360 wrote to memory of 1712	360	teraterm-4.106.exe	teraterm-4.106.tmp
PID 360 wrote to memory of 1712	360	teraterm-4.106.exe	teraterm-4.106.tmp

C:\Users\Admin\AppData\Local\Temp\teraterm-4.106.exe
"C:\Users\Admin\AppData\Local\Temp\teraterm-4.106.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:360

C:\Users\Admin\AppData\Local\Temp\is-LPU11.tmp\teraterm-4.106.tmp
"C:\Users\Admin\AppData\Local\Temp\is-LPU11.tmp\teraterm-4.106.tmp" /SL5="$60122,12579060,58368,C:\Users\Admin\AppData\Local\Temp\teraterm-4.106.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1712

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-LPU11.tmp\teraterm-4.106.tmp
Filesize
702KB

MD5
1afbd25db5c9a90fe05309f7c4fbcf09

SHA1
baf330b5c249ca925b4ea19a52fe8b2c27e547fa

SHA256
3bb0ee5569fe5453c6b3fa25aa517b925d4f8d1f7ba3475e58fa09c46290658c

SHA512
3a448f06862c6d163fd58b68b836d866ae513e04a69774abf5a0c5b7df74f5b9ee37240083760185618c5068bf93e7fd812e76b3e530639111fb1d74f4d28419

Download Submit
\Users\Admin\AppData\Local\Temp\is-JVRGK.tmp\cygtool.dll
Filesize
76KB

MD5
f80b78a115aa17e903afc3ff313d4935

SHA1
1721e05a892e94798edf94b72152378f0fa894c8

SHA256
646035a9461b676cfff6a8f207ba12595d25c9ed664f6b4b3498ef42a400d0ca

SHA512
93c5148f6c6d74b0e88979fd05bb8c831a5f461294f3988ab9797bed89b4e84afe2774b5f48a486b210e0977b32cfcf02dbe66229d3966c4f26c3d61567754b5

Download Submit
\Users\Admin\AppData\Local\Temp\is-LPU11.tmp\teraterm-4.106.tmp
Filesize
702KB

MD5
1afbd25db5c9a90fe05309f7c4fbcf09

SHA1
baf330b5c249ca925b4ea19a52fe8b2c27e547fa

SHA256
3bb0ee5569fe5453c6b3fa25aa517b925d4f8d1f7ba3475e58fa09c46290658c

SHA512
3a448f06862c6d163fd58b68b836d866ae513e04a69774abf5a0c5b7df74f5b9ee37240083760185618c5068bf93e7fd812e76b3e530639111fb1d74f4d28419

Download Submit
memory/360-54-0x0000000075771000-0x0000000075773000-memory.dmp

Filesize
8KB

Download
memory/360-55-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/360-62-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1712-58-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads