Overview

overview

8

Static

static

fd84157471...a6.exe

windows7-x64

8

fd84157471...a6.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    131s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    01/10/2022, 23:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fd841574710498c370be4b0bb43c4083fd5efb46c1ebb2683281eef9cb5d0ea6.exe

  • Size

    33KB

  • MD5

    48fee81acc6d21e67884f4c69b81a9df

  • SHA1

    41bf8f03db3b4c77196a1d4382344ff0e13c1a81

  • SHA256

    fd841574710498c370be4b0bb43c4083fd5efb46c1ebb2683281eef9cb5d0ea6

  • SHA512

    4273510087f1a85cc91db5731fa2db819710ebe35977edbcb235e006925a37ba2e69a20365624c4807ee453f7a0139684c8fe28dc04ffe69cfcee439128700a5

  • SSDEEP

    384:LCTFb4yUeSaSCn0l0DpRHh1I9UYrmUIkd6OlgXXQau+rT:KFkyS0n0l0l1p7kd64gnhRrT

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fd841574710498c370be4b0bb43c4083fd5efb46c1ebb2683281eef9cb5d0ea6.exe
    "C:\Users\Admin\AppData\Local\Temp\fd841574710498c370be4b0bb43c4083fd5efb46c1ebb2683281eef9cb5d0ea6.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1184
    • C:\Users\Admin\AppData\Local\Temp\irvigline.exe
      C:\Users\Admin\AppData\Local\Temp\irvigline.exe
      2⤵
      • Executes dropped EXE
      • Deletes itself
      PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\irvigline.exe
    Filesize

    33KB

    MD5

    3b279b1300ac05d50e309cf104d2993e

    SHA1

    408fc1db06f1178536382837820147017a8889de

    SHA256

    e9fc1d42dd67fa0023d873baac740702f929db9656dc9b263012d4f4012430cb

    SHA512

    620f3a9fe55eb1adaf8fad47cabd9bee9f46e3a8cb7c195f8b4b0554e6920dedcb4043e620b6dc4500ab1c34948b59599d898fb6964abe42eceef8927f5703c9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\irvigline.exe
    Filesize

    33KB

    MD5

    3b279b1300ac05d50e309cf104d2993e

    SHA1

    408fc1db06f1178536382837820147017a8889de

    SHA256

    e9fc1d42dd67fa0023d873baac740702f929db9656dc9b263012d4f4012430cb

    SHA512

    620f3a9fe55eb1adaf8fad47cabd9bee9f46e3a8cb7c195f8b4b0554e6920dedcb4043e620b6dc4500ab1c34948b59599d898fb6964abe42eceef8927f5703c9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\irvigline.exe
    Filesize

    33KB

    MD5

    3b279b1300ac05d50e309cf104d2993e

    SHA1

    408fc1db06f1178536382837820147017a8889de

    SHA256

    e9fc1d42dd67fa0023d873baac740702f929db9656dc9b263012d4f4012430cb

    SHA512

    620f3a9fe55eb1adaf8fad47cabd9bee9f46e3a8cb7c195f8b4b0554e6920dedcb4043e620b6dc4500ab1c34948b59599d898fb6964abe42eceef8927f5703c9

    Download Submit

  • memory/1184-57-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2040-59-0x0000000075A11000-0x0000000075A13000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2040-60-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download