4c3510b12f2ec0a13cde24d36bfe16f82fdda3e3657ef2857e2b911f97e7bf1f

Analysis

max time kernel
38s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c3510b12f2ec0a13cde24d36bfe16f82fdda3e3657ef2857e2b911f97e7bf1f.exe
Size

92KB
MD5

a030af21e7981fece5ac140e580aff24
SHA1

23654607a6f3597643a84eb4bce6b1858deac52f
SHA256

4c3510b12f2ec0a13cde24d36bfe16f82fdda3e3657ef2857e2b911f97e7bf1f
SHA512

a8f24728dfc6b3395c5ac031a9432bd226fa455249ed9d4fd1155b89ca0d7337f81e86fd5994c716ade6225ba3d3b7d0baa6e8a3f102d580210f20e4e398dcb2
SSDEEP

1536:jfsRrCqzTIg692VvSpgmoUNQ4D14tOvuZAluju:jfsRJR69WvUgm1/FuZAluju

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1984	1.exe-crypted.exe.ucc.exe

Loads dropped DLL 2 IoCs

pid	Process
1172	4c3510b12f2ec0a13cde24d36bfe16f82fdda3e3657ef2857e2b911f97e7bf1f.exe
1172	4c3510b12f2ec0a13cde24d36bfe16f82fdda3e3657ef2857e2b911f97e7bf1f.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1984	1.exe-crypted.exe.ucc.exe
1984	1.exe-crypted.exe.ucc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1172	4c3510b12f2ec0a13cde24d36bfe16f82fdda3e3657ef2857e2b911f97e7bf1f.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1172 wrote to memory of 1984	1172	4c3510b12f2ec0a13cde24d36bfe16f82fdda3e3657ef2857e2b911f97e7bf1f.exe	27
PID 1172 wrote to memory of 1984	1172	4c3510b12f2ec0a13cde24d36bfe16f82fdda3e3657ef2857e2b911f97e7bf1f.exe	27
PID 1172 wrote to memory of 1984	1172	4c3510b12f2ec0a13cde24d36bfe16f82fdda3e3657ef2857e2b911f97e7bf1f.exe	27
PID 1172 wrote to memory of 1984	1172	4c3510b12f2ec0a13cde24d36bfe16f82fdda3e3657ef2857e2b911f97e7bf1f.exe	27
PID 1984 wrote to memory of 1216	1984	1.exe-crypted.exe.ucc.exe	14
PID 1984 wrote to memory of 1216	1984	1.exe-crypted.exe.ucc.exe	14
PID 1984 wrote to memory of 1216	1984	1.exe-crypted.exe.ucc.exe	14
PID 1984 wrote to memory of 1216	1984	1.exe-crypted.exe.ucc.exe	14
PID 1984 wrote to memory of 1216	1984	1.exe-crypted.exe.ucc.exe	14
PID 1984 wrote to memory of 1216	1984	1.exe-crypted.exe.ucc.exe	14

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1216
- C:\Users\Admin\AppData\Local\Temp\4c3510b12f2ec0a13cde24d36bfe16f82fdda3e3657ef2857e2b911f97e7bf1f.exe
  "C:\Users\Admin\AppData\Local\Temp\4c3510b12f2ec0a13cde24d36bfe16f82fdda3e3657ef2857e2b911f97e7bf1f.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1172
- - C:\Users\Admin\AppData\Local\Temp\1.exe-crypted.exe.ucc.exe
    C:\Users\Admin\AppData\Local\Temp\1.exe-crypted.exe.ucc.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1.exe-crypted.exe.ucc.exe

Filesize
28KB

MD5
781b2b39db867ac8f2d3fb186b2f092b

SHA1
5e6f963bcf788e6301ace9a639d59c3091f05a6c

SHA256
ee39c328fe46eb0721fa0e0c72d0db22c5cf284aa28f3df6a8e4120a7c33257c

SHA512
c565d51a20b065292cad3202ef38ada12a50d0030eb3b2f51771d3f4a1bba92133dc739e18d11ae7bc1a8cd7ef1833e9136469144921ed250bdc463926612e73

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.exe-crypted.exe.ucc.exe

Filesize
28KB

MD5
781b2b39db867ac8f2d3fb186b2f092b

SHA1
5e6f963bcf788e6301ace9a639d59c3091f05a6c

SHA256
ee39c328fe46eb0721fa0e0c72d0db22c5cf284aa28f3df6a8e4120a7c33257c

SHA512
c565d51a20b065292cad3202ef38ada12a50d0030eb3b2f51771d3f4a1bba92133dc739e18d11ae7bc1a8cd7ef1833e9136469144921ed250bdc463926612e73

Download Submit
\Users\Admin\AppData\Local\Temp\1.exe-crypted.exe.ucc.exe

Filesize
28KB

MD5
781b2b39db867ac8f2d3fb186b2f092b

SHA1
5e6f963bcf788e6301ace9a639d59c3091f05a6c

SHA256
ee39c328fe46eb0721fa0e0c72d0db22c5cf284aa28f3df6a8e4120a7c33257c

SHA512
c565d51a20b065292cad3202ef38ada12a50d0030eb3b2f51771d3f4a1bba92133dc739e18d11ae7bc1a8cd7ef1833e9136469144921ed250bdc463926612e73

Download Submit
\Users\Admin\AppData\Local\Temp\1.exe-crypted.exe.ucc.exe

Filesize
28KB

MD5
781b2b39db867ac8f2d3fb186b2f092b

SHA1
5e6f963bcf788e6301ace9a639d59c3091f05a6c

SHA256
ee39c328fe46eb0721fa0e0c72d0db22c5cf284aa28f3df6a8e4120a7c33257c

SHA512
c565d51a20b065292cad3202ef38ada12a50d0030eb3b2f51771d3f4a1bba92133dc739e18d11ae7bc1a8cd7ef1833e9136469144921ed250bdc463926612e73

Download Submit
memory/1172-62-0x0000000000260000-0x0000000000269000-memory.dmp

Filesize
36KB

Download
memory/1172-63-0x0000000000260000-0x0000000000269000-memory.dmp

Filesize
36KB

Download
memory/1216-66-0x000000007EFC0000-0x000000007EFC6000-memory.dmp

Filesize
24KB

Download
memory/1984-60-0x0000000075571000-0x0000000075573000-memory.dmp

Filesize
8KB

Download
memory/1984-64-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1984-65-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download