52a324666aedcea62560fff3ffe06ef271013cb0f9f7414d9e445e399e4c5197

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
14-09-2022 21:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tmp.exe
Size

253KB
MD5

ee9225a3450a120e57d5e74c6b8e46c4
SHA1

c62bd2cdb9c3b09dde6be28d916c094439be204d
SHA256

52a324666aedcea62560fff3ffe06ef271013cb0f9f7414d9e445e399e4c5197
SHA512

024d66dfc15aef6bdb4b6d750b27bdd339fdf867962b949c598418a92932b221b49d3abd5155f55c308c5d1cf4e10907d5d4b1bae9411b80fa45e5f95bdfe4c1
SSDEEP

6144:GRgym92YGB+40vPLGPAYnaI5ply43vNRNByTb7NF31Ns:G6fu+40vPcbL3vNRM91M

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

winvnc.exe

pid process

760 winvnc.exe
Loads dropped DLL 5 IoCs

Processes:

tmp.exewinvnc.exe

pid process

1200 tmp.exe
1200 tmp.exe
760 winvnc.exe
760 winvnc.exe
760 winvnc.exe

pid	process
760	winvnc.exe

pid	process
1200	tmp.exe
1200	tmp.exe
760	winvnc.exe
760	winvnc.exe
760	winvnc.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

tmp.exe

description	pid	process	target process
PID 1200 wrote to memory of 760	1200	tmp.exe	winvnc.exe
PID 1200 wrote to memory of 760	1200	tmp.exe	winvnc.exe
PID 1200 wrote to memory of 760	1200	tmp.exe	winvnc.exe
PID 1200 wrote to memory of 760	1200	tmp.exe	winvnc.exe
PID 1200 wrote to memory of 760	1200	tmp.exe	winvnc.exe
PID 1200 wrote to memory of 760	1200	tmp.exe	winvnc.exe
PID 1200 wrote to memory of 760	1200	tmp.exe	winvnc.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Users\Admin\AppData\Local\Temp\7zS19C9.tmp\winvnc.exe
  .\winvnc.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS19C9.tmp\background.bmp

Filesize
1KB

MD5
04e85705e55fdce220278ebb75331baa

SHA1
f8da5272ebdfd32239eed0374feb9d8a51d44c50

SHA256
160191cc57be4f87d48284c12159308b7a59dbb0b062f9ae830c66b820eba662

SHA512
1d35c18bde5776e9f575d3ff1cd867e0f986cb77db9a589733ff3671f6fa4fc874d25490515186534410965f1909b8a47bd9368cf36274792e143777d760c975

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS19C9.tmp\helpdesk.txt

Filesize
905B

MD5
7609d59f29c15b97ff7e31aac71c0415

SHA1
8876cb06b11c567ab364cb4256953e97af749a2f

SHA256
7b61cea65d9f1c16a7bde73e8780148449df0235d002c4852de91093ac69c835

SHA512
d313971af691dbf908375d171d66b528ff8ed379618191c20208819b1ae07bbea1d8466cb3b676f96bfb88b379811bb41918c16ebe1fc84a0b54ca158b5dec13

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS19C9.tmp\winvnc.exe

Filesize
251KB

MD5
40a21759f5ad164f5c58e3c4c1a30ede

SHA1
287b840f6bd10a05922d9ded005eda53128efe12

SHA256
5ffb6b4b753e5915516c03f91e6cd09dcfdc87004ce3ecdd2e3e8d51bc0bea72

SHA512
19a1052731f8780dac7855454d38685a0e11a898c98c0138c8dcad722f34f9e50f34bbcad5915bf62886942934795d5907e2be081ce84639d415f14aa368db28

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS19C9.tmp\winvnc.exe

Filesize
251KB

MD5
40a21759f5ad164f5c58e3c4c1a30ede

SHA1
287b840f6bd10a05922d9ded005eda53128efe12

SHA256
5ffb6b4b753e5915516c03f91e6cd09dcfdc87004ce3ecdd2e3e8d51bc0bea72

SHA512
19a1052731f8780dac7855454d38685a0e11a898c98c0138c8dcad722f34f9e50f34bbcad5915bf62886942934795d5907e2be081ce84639d415f14aa368db28

Download Submit
\Users\Admin\AppData\Local\Temp\7zS19C9.tmp\winvnc.exe

Filesize
251KB

MD5
40a21759f5ad164f5c58e3c4c1a30ede

SHA1
287b840f6bd10a05922d9ded005eda53128efe12

SHA256
5ffb6b4b753e5915516c03f91e6cd09dcfdc87004ce3ecdd2e3e8d51bc0bea72

SHA512
19a1052731f8780dac7855454d38685a0e11a898c98c0138c8dcad722f34f9e50f34bbcad5915bf62886942934795d5907e2be081ce84639d415f14aa368db28

Download Submit
\Users\Admin\AppData\Local\Temp\7zS19C9.tmp\winvnc.exe

Filesize
251KB

MD5
40a21759f5ad164f5c58e3c4c1a30ede

SHA1
287b840f6bd10a05922d9ded005eda53128efe12

SHA256
5ffb6b4b753e5915516c03f91e6cd09dcfdc87004ce3ecdd2e3e8d51bc0bea72

SHA512
19a1052731f8780dac7855454d38685a0e11a898c98c0138c8dcad722f34f9e50f34bbcad5915bf62886942934795d5907e2be081ce84639d415f14aa368db28

Download Submit
\Users\Admin\AppData\Local\Temp\7zS19C9.tmp\winvnc.exe

Filesize
251KB

MD5
40a21759f5ad164f5c58e3c4c1a30ede

SHA1
287b840f6bd10a05922d9ded005eda53128efe12

SHA256
5ffb6b4b753e5915516c03f91e6cd09dcfdc87004ce3ecdd2e3e8d51bc0bea72

SHA512
19a1052731f8780dac7855454d38685a0e11a898c98c0138c8dcad722f34f9e50f34bbcad5915bf62886942934795d5907e2be081ce84639d415f14aa368db28

Download Submit
\Users\Admin\AppData\Local\Temp\7zS19C9.tmp\winvnc.exe

Filesize
251KB

MD5
40a21759f5ad164f5c58e3c4c1a30ede

SHA1
287b840f6bd10a05922d9ded005eda53128efe12

SHA256
5ffb6b4b753e5915516c03f91e6cd09dcfdc87004ce3ecdd2e3e8d51bc0bea72

SHA512
19a1052731f8780dac7855454d38685a0e11a898c98c0138c8dcad722f34f9e50f34bbcad5915bf62886942934795d5907e2be081ce84639d415f14aa368db28

Download Submit
\Users\Admin\AppData\Local\Temp\7zS19C9.tmp\winvnc.exe

Filesize
251KB

MD5
40a21759f5ad164f5c58e3c4c1a30ede

SHA1
287b840f6bd10a05922d9ded005eda53128efe12

SHA256
5ffb6b4b753e5915516c03f91e6cd09dcfdc87004ce3ecdd2e3e8d51bc0bea72

SHA512
19a1052731f8780dac7855454d38685a0e11a898c98c0138c8dcad722f34f9e50f34bbcad5915bf62886942934795d5907e2be081ce84639d415f14aa368db28

Download Submit
memory/760-57-0x0000000000000000-mapping.dmp

Download
memory/1200-54-0x0000000075AC1000-0x0000000075AC3000-memory.dmp

Filesize
8KB

Download