Overview

overview

8

Static

static

847fc5cbe3...df.exe

windows7-x64

8

847fc5cbe3...df.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    167s
  • max time network
    189s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/10/2022, 22:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    847fc5cbe3c96731f0023f15a027c3aac486b194201c78bdd89b6d4f578eeedf.exe

  • Size

    67KB

  • MD5

    6d3d401da5cd65b8f0d91090c5bd0530

  • SHA1

    b01c08636d82019e8f692328271b5c31a53a1703

  • SHA256

    847fc5cbe3c96731f0023f15a027c3aac486b194201c78bdd89b6d4f578eeedf

  • SHA512

    0e5de4defcd5d29f69d0006273878b55ec18e1e2ee64975ad67c12c3df440c60566538f67e968c8556d36f5cd7b7092da5c3c2e7bf97cefc8dd4a4372ae8eecc

  • SSDEEP

    1536:FyrTg4O69U6RbftP8qPeY++34vKW7YRfzQ4XXSbK67:0JO9aqqmY++qYRfM4XXSG67

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\847fc5cbe3c96731f0023f15a027c3aac486b194201c78bdd89b6d4f578eeedf.exe
    "C:\Users\Admin\AppData\Local\Temp\847fc5cbe3c96731f0023f15a027c3aac486b194201c78bdd89b6d4f578eeedf.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4948
    • C:\Users\Admin\AppData\Local\Temp\umixbox.exe
      C:\Users\Admin\AppData\Local\Temp\umixbox.exe
      2⤵
      • Executes dropped EXE
      PID:4852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\umixbox.exe
    Filesize

    67KB

    MD5

    a22466b9ea38c68ab892da2396e82ce9

    SHA1

    b12b5bd381915e94f1dbd9d1c20958981806851a

    SHA256

    66e2edca2e0abe86ad07a5f77b4095e239236772a6397a302a138977a2325ec3

    SHA512

    a005ffd7f63cb43e183b50f9702e692e6211ba6a76cba1be854e665a171a8a244a4f7039f2c52141d5c72db37be30f82323b53327d663dd95871127a4987dd97

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\umixbox.exe
    Filesize

    67KB

    MD5

    a22466b9ea38c68ab892da2396e82ce9

    SHA1

    b12b5bd381915e94f1dbd9d1c20958981806851a

    SHA256

    66e2edca2e0abe86ad07a5f77b4095e239236772a6397a302a138977a2325ec3

    SHA512

    a005ffd7f63cb43e183b50f9702e692e6211ba6a76cba1be854e665a171a8a244a4f7039f2c52141d5c72db37be30f82323b53327d663dd95871127a4987dd97

    Download Submit

  • memory/4852-136-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4948-132-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download