Overview

overview

8

Static

static

cad2045612...00.exe

windows7-x64

8

cad2045612...00.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    143s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/10/2022, 22:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cad20456127f2aee99f892e6ae8fc6ee531544a84e232da9266e515cf169df00.exe

  • Size

    38KB

  • MD5

    596d0501c2764932d92ddeba1fed21a0

  • SHA1

    24d3f994ae16c2fc980de4e7271c83fc278b28e0

  • SHA256

    cad20456127f2aee99f892e6ae8fc6ee531544a84e232da9266e515cf169df00

  • SHA512

    29eda10aceace3e3e05f1a874f0f0e6e065ec75b147a0ae815f3fb57c15a01c83bd311c9ee62d5358fcbc5feb046f70e3a369ecadeaf05398202878c726d11eb

  • SSDEEP

    768:zSabhxzazAw33VQQdMh/tQ4XWIfmSDpTK:DbhFby3SQdMh/tTXWIfbDY

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cad20456127f2aee99f892e6ae8fc6ee531544a84e232da9266e515cf169df00.exe
    "C:\Users\Admin\AppData\Local\Temp\cad20456127f2aee99f892e6ae8fc6ee531544a84e232da9266e515cf169df00.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4908
    • C:\Users\Admin\AppData\Local\Temp\famudit.exe
      C:\Users\Admin\AppData\Local\Temp\famudit.exe
      2⤵
      • Executes dropped EXE
      PID:4828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\famudit.exe
    Filesize

    38KB

    MD5

    64a02fd43c3795c5bfcd4e1ad2622fc9

    SHA1

    6c2af266b42f8b5de424b5d560daf94541ff2832

    SHA256

    cf49f8e9791431383d885a643c9e521f808cfa123f9742bd49a94a43cd1ce21e

    SHA512

    f06727d4e4734ebd7920da138c5924c29555ebbae47da0545720321df053deacb4eb6c551b31e8c260a27420aedb8ade3556d76944c82c73d8bbbf100854564a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\famudit.exe
    Filesize

    38KB

    MD5

    64a02fd43c3795c5bfcd4e1ad2622fc9

    SHA1

    6c2af266b42f8b5de424b5d560daf94541ff2832

    SHA256

    cf49f8e9791431383d885a643c9e521f808cfa123f9742bd49a94a43cd1ce21e

    SHA512

    f06727d4e4734ebd7920da138c5924c29555ebbae47da0545720321df053deacb4eb6c551b31e8c260a27420aedb8ade3556d76944c82c73d8bbbf100854564a

    Download Submit

  • memory/4828-136-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/4908-135-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download