3f963b77d690ed2cfdd6110a28e6749dc221afac7030811664fcffe5061cc57a

Analysis

max time kernel
35s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 01:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3f963b77d690ed2cfdd6110a28e6749dc221afac7030811664fcffe5061cc57a.exe
Size

374KB
MD5

6e4308033daeab2ea4947c21317dff3d
SHA1

648330acbf2e08a5844903a709f8ac0eeaf0ccd4
SHA256

3f963b77d690ed2cfdd6110a28e6749dc221afac7030811664fcffe5061cc57a
SHA512

98cf97892ded7283a01a13b1c76f3b93cab62cc809145451441f80cb1dffcd3ddbe38bbfb089103b38ca696087f37d045285aab192a07dbcb057433df3137735
SSDEEP

6144:KyH7xOc6H5c6HcT66vlmFUsHe0BivO39zYpmH+kAzkA7ZUgbc6AYJ8rEdrEbAgMD:Ka8nIO39YAeNLFjAYarEdrEb5P6VxYA

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
1148	svchost.exe
2000	3f963b77d690ed2cfdd6110a28e6749dc221afac7030811664fcffe5061cc57a.exe
668	svchost.exe

Loads dropped DLL 1 IoCs

pid	Process
1148	svchost.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\svchost.exe	3f963b77d690ed2cfdd6110a28e6749dc221afac7030811664fcffe5061cc57a.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 1148	1048	3f963b77d690ed2cfdd6110a28e6749dc221afac7030811664fcffe5061cc57a.exe	27
PID 1048 wrote to memory of 1148	1048	3f963b77d690ed2cfdd6110a28e6749dc221afac7030811664fcffe5061cc57a.exe	27
PID 1048 wrote to memory of 1148	1048	3f963b77d690ed2cfdd6110a28e6749dc221afac7030811664fcffe5061cc57a.exe	27
PID 1048 wrote to memory of 1148	1048	3f963b77d690ed2cfdd6110a28e6749dc221afac7030811664fcffe5061cc57a.exe	27
PID 1148 wrote to memory of 2000	1148	svchost.exe	28
PID 1148 wrote to memory of 2000	1148	svchost.exe	28
PID 1148 wrote to memory of 2000	1148	svchost.exe	28
PID 1148 wrote to memory of 2000	1148	svchost.exe	28

C:\Users\Admin\AppData\Local\Temp\3f963b77d690ed2cfdd6110a28e6749dc221afac7030811664fcffe5061cc57a.exe
"C:\Users\Admin\AppData\Local\Temp\3f963b77d690ed2cfdd6110a28e6749dc221afac7030811664fcffe5061cc57a.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Windows\svchost.exe
  "C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3f963b77d690ed2cfdd6110a28e6749dc221afac7030811664fcffe5061cc57a.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1148
- - C:\Users\Admin\AppData\Local\Temp\3f963b77d690ed2cfdd6110a28e6749dc221afac7030811664fcffe5061cc57a.exe
    "C:\Users\Admin\AppData\Local\Temp\3f963b77d690ed2cfdd6110a28e6749dc221afac7030811664fcffe5061cc57a.exe"
    3⤵
    - Executes dropped EXE
    PID:2000

C:\Windows\svchost.exe
C:\Windows\svchost.exe
1⤵
- Executes dropped EXE
PID:668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3f963b77d690ed2cfdd6110a28e6749dc221afac7030811664fcffe5061cc57a.exe

Filesize
339KB

MD5
ceaa5817a65e914aa178b28f12359a46

SHA1
534a7ea9c67bab3e8f2d41977bf43d41dfe951cf

SHA256
6c959cfb001fbb900958441dfd8b262fb33e052342948bab338775d3e83ef7f7

SHA512
fef4c0b451d18a9eb73045b3ddcd44450294f06c616cc7175850e6315a6265bd077c8fd09782c486eea624145c7d4c18f8e00a94c0deb394900f9b3e70e60320

Download Submit
C:\Windows\svchost.exe

Filesize
35KB

MD5
0846f4d37e6e2153163042f9d5c6588c

SHA1
3ebb70f4041bbedaeff3f9d1f00c4869d0151bc8

SHA256
79bbc0c3ae3bd6146f11b21dfaa4c5ec643a2bfcf0d92d06a936aa5845c00a90

SHA512
82fa6a149d98a51045413f9669d575a6ff4b78082955a9eeb6f21cd30f5a9d36a77faaa15b9bcfb1f4ec7ddff22894a399afa0164dac5ad11748113e1311a140

Download Submit
C:\Windows\svchost.exe

Filesize
35KB

MD5
0846f4d37e6e2153163042f9d5c6588c

SHA1
3ebb70f4041bbedaeff3f9d1f00c4869d0151bc8

SHA256
79bbc0c3ae3bd6146f11b21dfaa4c5ec643a2bfcf0d92d06a936aa5845c00a90

SHA512
82fa6a149d98a51045413f9669d575a6ff4b78082955a9eeb6f21cd30f5a9d36a77faaa15b9bcfb1f4ec7ddff22894a399afa0164dac5ad11748113e1311a140

Download Submit
C:\Windows\svchost.exe

Filesize
35KB

MD5
0846f4d37e6e2153163042f9d5c6588c

SHA1
3ebb70f4041bbedaeff3f9d1f00c4869d0151bc8

SHA256
79bbc0c3ae3bd6146f11b21dfaa4c5ec643a2bfcf0d92d06a936aa5845c00a90

SHA512
82fa6a149d98a51045413f9669d575a6ff4b78082955a9eeb6f21cd30f5a9d36a77faaa15b9bcfb1f4ec7ddff22894a399afa0164dac5ad11748113e1311a140

Download Submit
\Users\Admin\AppData\Local\Temp\3f963b77d690ed2cfdd6110a28e6749dc221afac7030811664fcffe5061cc57a.exe

Filesize
339KB

MD5
ceaa5817a65e914aa178b28f12359a46

SHA1
534a7ea9c67bab3e8f2d41977bf43d41dfe951cf

SHA256
6c959cfb001fbb900958441dfd8b262fb33e052342948bab338775d3e83ef7f7

SHA512
fef4c0b451d18a9eb73045b3ddcd44450294f06c616cc7175850e6315a6265bd077c8fd09782c486eea624145c7d4c18f8e00a94c0deb394900f9b3e70e60320

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads