Overview

overview

8

Static

static

90f69fdc99...28.exe

windows7-x64

8

90f69fdc99...28.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    91s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/09/2022, 10:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    90f69fdc99c234deb85a614b12228c112e0ea7c42b3602b3095d8bdc00f29928.exe

  • Size

    13.5MB

  • MD5

    f79ec3896acf600ece4a6822b07fc0e0

  • SHA1

    78d33546c72dcc2d82d0c22f30e91e94825ea904

  • SHA256

    90f69fdc99c234deb85a614b12228c112e0ea7c42b3602b3095d8bdc00f29928

  • SHA512

    d5d9793bbaa02e74c200dbb13907808ba7a352276636dbc2bee4a4cb91b323c8bceddfa04286bd2d8b462233b97df10970b96e6948e9bade43dbf461eee7b832

  • SSDEEP

    393216:QPcwaqW7ILYNfmwLIsHaf4uU8miT6VV/f:cOII+psHNuBmVlf

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90f69fdc99c234deb85a614b12228c112e0ea7c42b3602b3095d8bdc00f29928.exe
    "C:\Users\Admin\AppData\Local\Temp\90f69fdc99c234deb85a614b12228c112e0ea7c42b3602b3095d8bdc00f29928.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1508
    • C:\Users\Admin\AppData\Local\Temp\is-NH4R7.tmp\90f69fdc99c234deb85a614b12228c112e0ea7c42b3602b3095d8bdc00f29928.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-NH4R7.tmp\90f69fdc99c234deb85a614b12228c112e0ea7c42b3602b3095d8bdc00f29928.tmp" /SL5="$601E2,13809128,79872,C:\Users\Admin\AppData\Local\Temp\90f69fdc99c234deb85a614b12228c112e0ea7c42b3602b3095d8bdc00f29928.exe"
      2⤵
      • Executes dropped EXE
      PID:4380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-NH4R7.tmp\90f69fdc99c234deb85a614b12228c112e0ea7c42b3602b3095d8bdc00f29928.tmp
    Filesize

    733KB

    MD5

    ff1ddfe4619bfff923fb5cbb5753fa2b

    SHA1

    3c0adfde84292c47ccd83fc3d5f6f35a2f84a6af

    SHA256

    0ddbe902f4e340b1a5bb4c79a1cdc55607114bb59bb678e2e38c41b69737a59a

    SHA512

    6419798d2afa462e5c689e0c09826d4f51a3fef659e681de8312edda8e7da0ab5bb932fe62eb9af7d0e34b7fe3a2cb6e43fdfbd6be785de00a8648eaff9840fd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-NH4R7.tmp\90f69fdc99c234deb85a614b12228c112e0ea7c42b3602b3095d8bdc00f29928.tmp
    Filesize

    733KB

    MD5

    ff1ddfe4619bfff923fb5cbb5753fa2b

    SHA1

    3c0adfde84292c47ccd83fc3d5f6f35a2f84a6af

    SHA256

    0ddbe902f4e340b1a5bb4c79a1cdc55607114bb59bb678e2e38c41b69737a59a

    SHA512

    6419798d2afa462e5c689e0c09826d4f51a3fef659e681de8312edda8e7da0ab5bb932fe62eb9af7d0e34b7fe3a2cb6e43fdfbd6be785de00a8648eaff9840fd

    Download Submit

  • memory/1508-132-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1508-137-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1508-138-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download