89730a01713e719ee2d3ad156cfc629b8a7bb6389149d01b7a10b30f9b49338d

Analysis

max time kernel
148s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20-09-2022 17:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c8ccd62ff67de6d08c2bd333fed74eb.exe
Size

303KB
MD5

8c8ccd62ff67de6d08c2bd333fed74eb
SHA1

a777654fbae0dbf08221974bc735049816fad27a
SHA256

89730a01713e719ee2d3ad156cfc629b8a7bb6389149d01b7a10b30f9b49338d
SHA512

2a38be61ee32265a8ea3b9b1908b03788394d4d653706ed0565abe2330a59827f5452ace0490a8796d738c183cd47dbd1e06fa0f80a0ca5e9947b5921f747952
SSDEEP

6144:ByH7xOc6H5c6HcT66vlm6o26jNYfXVYRa:BaR1dYU

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
3268	svchost.exe
2280	8c8ccd62ff67de6d08c2bd333fed74eb.exe
112	svchost.exe

Drops file in Program Files directory 51 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jdeps.exe	svchost.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	svchost.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javafxpackager.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javapackager.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javaws.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jconsole.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jdb.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jhat.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jmap.exe	svchost.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\idlj.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\java.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javadoc.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javap.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jps.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jsadebugd.exe	svchost.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	svchost.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	svchost.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jstat.exe	svchost.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jarsigner.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\java-rmi.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jstack.exe	svchost.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	svchost.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	svchost.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jar.exe	svchost.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\notification_helper.exe	svchost.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\setup.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\appletviewer.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jrunscript.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jcmd.exe	svchost.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	svchost.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	svchost.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	svchost.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	svchost.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javac.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javah.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jinfo.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jmc.exe	svchost.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	svchost.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	svchost.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	svchost.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\chrome_pwa_launcher.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\extcheck.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jabswitch.exe	svchost.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jjs.exe	svchost.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\svchost.exe	8c8ccd62ff67de6d08c2bd333fed74eb.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 3268	2040	8c8ccd62ff67de6d08c2bd333fed74eb.exe	85
PID 2040 wrote to memory of 3268	2040	8c8ccd62ff67de6d08c2bd333fed74eb.exe	85
PID 2040 wrote to memory of 3268	2040	8c8ccd62ff67de6d08c2bd333fed74eb.exe	85
PID 3268 wrote to memory of 2280	3268	svchost.exe	86
PID 3268 wrote to memory of 2280	3268	svchost.exe	86
PID 3268 wrote to memory of 2280	3268	svchost.exe	86

C:\Users\Admin\AppData\Local\Temp\8c8ccd62ff67de6d08c2bd333fed74eb.exe
"C:\Users\Admin\AppData\Local\Temp\8c8ccd62ff67de6d08c2bd333fed74eb.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\svchost.exe
  "C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\8c8ccd62ff67de6d08c2bd333fed74eb.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3268
- - C:\Users\Admin\AppData\Local\Temp\8c8ccd62ff67de6d08c2bd333fed74eb.exe
    "C:\Users\Admin\AppData\Local\Temp\8c8ccd62ff67de6d08c2bd333fed74eb.exe"
    3⤵
    - Executes dropped EXE
    PID:2280

C:\Windows\svchost.exe
C:\Windows\svchost.exe
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8c8ccd62ff67de6d08c2bd333fed74eb.exe

Filesize
268KB

MD5
0b20c730ea2b416d3ff66b83a0fb282d

SHA1
6ec31f464fbce17bed367bd9edc667d16dcd3ba2

SHA256
6ef39ecbd0b1b54359691a49535c75ff56f6388809809672703feb9a61de1b84

SHA512
14b9defad737d5209a146bce9226bba57e602da67f1eb1d4c97030776da8119120e53080b298b76c5d7ad66e79e59a3554ef52b2eae910b97fbd91e3c8c91095

Download Submit
C:\Windows\svchost.exe

Filesize
35KB

MD5
13e083a9d53e948803694a603e69081a

SHA1
5f0926b43c970edad8b969cbec9cfebb5ad0a971

SHA256
305485ffc5c72617b5b4d6af8a69bc77574c05df4b21829e08bb3a6a2ffd16c5

SHA512
a2b4073ba2edafae7f276c2fb1279dd19f2be6dbe67ed1c9f94a082afca70286493b9c33e1fb705d7e1bab3fe66afc84173e9490751611b5c628970892d08814

Download Submit
C:\Windows\svchost.exe

Filesize
35KB

MD5
13e083a9d53e948803694a603e69081a

SHA1
5f0926b43c970edad8b969cbec9cfebb5ad0a971

SHA256
305485ffc5c72617b5b4d6af8a69bc77574c05df4b21829e08bb3a6a2ffd16c5

SHA512
a2b4073ba2edafae7f276c2fb1279dd19f2be6dbe67ed1c9f94a082afca70286493b9c33e1fb705d7e1bab3fe66afc84173e9490751611b5c628970892d08814

Download Submit
C:\Windows\svchost.exe

Filesize
35KB

MD5
13e083a9d53e948803694a603e69081a

SHA1
5f0926b43c970edad8b969cbec9cfebb5ad0a971

SHA256
305485ffc5c72617b5b4d6af8a69bc77574c05df4b21829e08bb3a6a2ffd16c5

SHA512
a2b4073ba2edafae7f276c2fb1279dd19f2be6dbe67ed1c9f94a082afca70286493b9c33e1fb705d7e1bab3fe66afc84173e9490751611b5c628970892d08814

Download Submit
memory/112-140-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/112-141-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2040-133-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/3268-139-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads