Analysis

Max time kernel: 38s
Max time network: 41s
Platform: windows7_x64
Resource: win7-20220812-en
Resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
Submitted: 14-09-2022 01:36

Static task: static1
Behavioral task: behavioral1
  Sample: ee9225a3450a120e57d5e74c6b8e46c4.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: ee9225a3450a120e57d5e74c6b8e46c4.exe
  Resource: win10v2004-20220901-en
General

Target: ee9225a3450a120e57d5e74c6b8e46c4.exe
Size: 253KB
MD5: ee9225a3450a120e57d5e74c6b8e46c4
SHA1: c62bd2cdb9c3b09dde6be28d916c094439be204d
SHA256: 52a324666aedcea62560fff3ffe06ef271013cb0f9f7414d9e445e399e4c5197
SHA512: 024d66dfc15aef6bdb4b6d750b27bdd339fdf867962b949c598418a92932b221b49d3abd5155f55c308c5d1cf4e10907d5d4b1bae9411b80fa45e5f95bdfe4c1
SSDEEP: 6144:GRgym92YGB+40vPLGPAYnaI5ply43vNRNByTb7NF31Ns:G6fu+40vPcbL3vNRM91M
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  PID 1872  winvnc.exe

Loads dropped DLL (5 IoCs)
  PID 544   ee9225a3450a120e57d5e74c6b8e46c4.exe  (2 events)
  PID 1872  winvnc.exe                             (3 events)

Suspicious use of WriteProcessMemory (7 IoCs)
  PID 544 (ee9225a3450a120e57d5e74c6b8e46c4.exe) wrote to the memory of PID 1872 (winvnc.exe); recorded 7 times
Processes

1. C:\Users\Admin\AppData\Local\Temp\ee9225a3450a120e57d5e74c6b8e46c4.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\ee9225a3450a120e57d5e74c6b8e46c4.exe"
   PID: 544
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\7zS6BDE.tmp\winvnc.exe  (child of PID 544)
      Command line: .\winvnc.exe
      PID: 1872
      - Executes dropped EXE
      - Loads dropped DLL
-
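As an added example (not part of the sandbox report), the Python below turns the two behaviours the Signatures and Processes sections record into detection logic and runs it over constructed events. The 7zS<hex>.tmp directory name is the one 7-Zip's SFX stub uses for its extraction directory, so the first check keys on it; the event layout, the explorer.exe parent of PID 544 and the function names are this example's own assumptions, not anything the report states.

```python
"""Flag the drop-and-execute pattern recorded in the report above.

What the report shows: a sample running from the user's %TEMP% launches a
second executable from a 7zS<hex>.tmp subdirectory and then writes into
that child's memory seven times.  The events below are constructed from
the report's process tree (PIDs 544 and 1872 and the two image paths);
they are not a real host log, and the explorer.exe parent of PID 544 is
an assumption.
"""
import re
from collections import Counter

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\ee9225a3450a120e57d5e74c6b8e46c4.exe"
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\7zS6BDE.tmp\winvnc.exe"

# Constructed events.  "process_create" mirrors a Sysmon event 1 record;
# "write_process_memory" mirrors the sandbox's own signature hits (Sysmon
# has no direct equivalent, so the field names are this script's own).
EVENTS = [
    {"type": "process_create", "pid": 544, "ppid": 1000,
     "image": SAMPLE, "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "process_create", "pid": 1872, "ppid": 544,
     "image": DROPPED, "parent_image": SAMPLE},
] + [
    {"type": "write_process_memory", "source_pid": 544, "target_pid": 1872}
    for _ in range(7)
]

# 7-Zip SFX extraction directory: ...\7zS<hex>.tmp\ ; user temp: ...\AppData\Local\Temp\
SFX_DIR_RE = re.compile(r"\\7zS[0-9A-F]+\.tmp\\", re.IGNORECASE)
USER_TEMP_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)


def in_sfx_extraction_dir(path):
    """True if the image lives inside a 7zS<hex>.tmp directory."""
    return SFX_DIR_RE.search(path) is not None


def in_user_temp(path):
    """True if the image lives anywhere under a user's %TEMP%."""
    return USER_TEMP_RE.search(path) is not None


def find_sfx_drop_and_exec(events):
    """Return (ppid, pid, image) for each process started from an SFX
    extraction directory by a parent that itself runs from %TEMP%."""
    hits = []
    for ev in events:
        if ev["type"] != "process_create":
            continue
        if in_sfx_extraction_dir(ev["image"]) and in_user_temp(ev["parent_image"]):
            hits.append((ev["ppid"], ev["pid"], ev["image"]))
    return hits


def count_cross_process_writes(events):
    """Counter of (source_pid, target_pid) for writes into a different process."""
    return Counter(
        (ev["source_pid"], ev["target_pid"])
        for ev in events
        if ev["type"] == "write_process_memory" and ev["source_pid"] != ev["target_pid"]
    )


def triage(events):
    """Join both signals: a dropped-and-executed child that the dropper also
    writes into is the strongest indicator this report offers."""
    writes = count_cross_process_writes(events)
    findings = []
    for ppid, pid, image in find_sfx_drop_and_exec(events):
        findings.append({
            "parent_pid": ppid,
            "child_pid": pid,
            "child_image": image,
            "parent_wrote_into_child": writes.get((ppid, pid), 0),
        })
    return findings


if __name__ == "__main__":
    for f in triage(EVENTS):
        print(f"PID {f['parent_pid']} dropped and ran {f['child_image']} as PID "
              f"{f['child_pid']}; {f['parent_wrote_into_child']} memory writes into it")
```

Treat the write count as corroboration of the drop-and-execute finding rather than as evidence of injection on its own: the report says only that the parent wrote into the child it had just created, not what was written.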
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1KB
MD5: 04e85705e55fdce220278ebb75331baa
SHA1: f8da5272ebdfd32239eed0374feb9d8a51d44c50
SHA256: 160191cc57be4f87d48284c12159308b7a59dbb0b062f9ae830c66b820eba662
SHA512: 1d35c18bde5776e9f575d3ff1cd867e0f986cb77db9a589733ff3671f6fa4fc874d25490515186534410965f1909b8a47bd9368cf36274792e143777d760c975

Filesize: 905B
MD5: 7609d59f29c15b97ff7e31aac71c0415
SHA1: 8876cb06b11c567ab364cb4256953e97af749a2f
SHA256: 7b61cea65d9f1c16a7bde73e8780148449df0235d002c4852de91093ac69c835
SHA512: d313971af691dbf908375d171d66b528ff8ed379618191c20208819b1ae07bbea1d8466cb3b676f96bfb88b379811bb41918c16ebe1fc84a0b54ca158b5dec13

Filesize: 251KB (this entry is listed seven times in the report with identical hashes each time)
MD5: 40a21759f5ad164f5c58e3c4c1a30ede
SHA1: 287b840f6bd10a05922d9ded005eda53128efe12
SHA256: 5ffb6b4b753e5915516c03f91e6cd09dcfdc87004ce3ecdd2e3e8d51bc0bea72
SHA512: 19a1052731f8780dac7855454d38685a0e11a898c98c0138c8dcad722f34f9e50f34bbcad5915bf62886942934795d5907e2be081ce84639d415f14aa368db28