3ca2f83fe522500bbb8dd583b3a2a3c26b9ba4d024b5919a0f75aca8c9da575a

Analysis

max time kernel
28s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-10-2022 05:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ca2f83fe522500bbb8dd583b3a2a3c26b9ba4d024b5919a0f75aca8c9da575a.exe
Size

135KB
MD5

706023cb195138fd654f2d1f111d3983
SHA1

4806c266be8615740fef37f67e526c34917d308e
SHA256

3ca2f83fe522500bbb8dd583b3a2a3c26b9ba4d024b5919a0f75aca8c9da575a
SHA512

2427dce630009cd8a2176247e4a47009b46584c28fdf64fe2d92cef1b26b30e124da0dd86764b566312b4a038924e5e83e69369f7b9a9fbdcc3d2fa7a5b16743
SSDEEP

3072:MyH99g4byc6H5c6HcT66vlmm+ecYEtfapZcyFpdiiOM8cUK4:MyH7xOc6H5c6HcT66vlmKNEt21C/

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
1536	svchost.exe
1324	3ca2f83fe522500bbb8dd583b3a2a3c26b9ba4d024b5919a0f75aca8c9da575a.exe
760	svchost.exe

Loads dropped DLL 2 IoCs

pid	Process
1536	svchost.exe
1536	svchost.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\svchost.exe	3ca2f83fe522500bbb8dd583b3a2a3c26b9ba4d024b5919a0f75aca8c9da575a.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 1536	1388	3ca2f83fe522500bbb8dd583b3a2a3c26b9ba4d024b5919a0f75aca8c9da575a.exe	26
PID 1388 wrote to memory of 1536	1388	3ca2f83fe522500bbb8dd583b3a2a3c26b9ba4d024b5919a0f75aca8c9da575a.exe	26
PID 1388 wrote to memory of 1536	1388	3ca2f83fe522500bbb8dd583b3a2a3c26b9ba4d024b5919a0f75aca8c9da575a.exe	26
PID 1388 wrote to memory of 1536	1388	3ca2f83fe522500bbb8dd583b3a2a3c26b9ba4d024b5919a0f75aca8c9da575a.exe	26
PID 1536 wrote to memory of 1324	1536	svchost.exe	27
PID 1536 wrote to memory of 1324	1536	svchost.exe	27
PID 1536 wrote to memory of 1324	1536	svchost.exe	27
PID 1536 wrote to memory of 1324	1536	svchost.exe	27

C:\Users\Admin\AppData\Local\Temp\3ca2f83fe522500bbb8dd583b3a2a3c26b9ba4d024b5919a0f75aca8c9da575a.exe
"C:\Users\Admin\AppData\Local\Temp\3ca2f83fe522500bbb8dd583b3a2a3c26b9ba4d024b5919a0f75aca8c9da575a.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Windows\svchost.exe
  "C:\Windows\svchost.exe" "C:\Users\Admin\AppData\Local\Temp\3ca2f83fe522500bbb8dd583b3a2a3c26b9ba4d024b5919a0f75aca8c9da575a.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1536
- - C:\Users\Admin\AppData\Local\Temp\3ca2f83fe522500bbb8dd583b3a2a3c26b9ba4d024b5919a0f75aca8c9da575a.exe
    "C:\Users\Admin\AppData\Local\Temp\3ca2f83fe522500bbb8dd583b3a2a3c26b9ba4d024b5919a0f75aca8c9da575a.exe"
    3⤵
    - Executes dropped EXE
    PID:1324

C:\Windows\svchost.exe
C:\Windows\svchost.exe
1⤵
- Executes dropped EXE
PID:760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3ca2f83fe522500bbb8dd583b3a2a3c26b9ba4d024b5919a0f75aca8c9da575a.exe

Filesize
100KB

MD5
c8394f5825a4f6df4f2c181619d8dd5f

SHA1
6e4828a527cbf6e1a583296b17c1e7e22bda3e49

SHA256
b62a216f1ebf90afbb0263910ddf882404cf6c13f357abfadd76ddc7bccb684b

SHA512
175fccc3b7a5fdc49cb9b258422bebcc23dc1f1bede38b2ac465d42a2bd3ffc2b38cd2396442c44269b90848b88643c13a77b2493d0a3a6d907bed2684c30e46

Download Submit
C:\Windows\svchost.exe

Filesize
35KB

MD5
2fe303a374fe98708fe0e243e932afc1

SHA1
4e480ff2935ff2cdc64332456b8320175dae4f79

SHA256
5aaf3cf98b37de6543cbafa934016534811fe2ae1521cc52cbd2e6a943300e8f

SHA512
3da2a748837b48d68ae7f1b50dbbb5be8212e45b18b7b89cf4116d6f53b1070c849f39030596a2e165ac8b852e98fde7923d3bd617983e71d42a301e7feafae8

Download Submit
C:\Windows\svchost.exe

Filesize
35KB

MD5
2fe303a374fe98708fe0e243e932afc1

SHA1
4e480ff2935ff2cdc64332456b8320175dae4f79

SHA256
5aaf3cf98b37de6543cbafa934016534811fe2ae1521cc52cbd2e6a943300e8f

SHA512
3da2a748837b48d68ae7f1b50dbbb5be8212e45b18b7b89cf4116d6f53b1070c849f39030596a2e165ac8b852e98fde7923d3bd617983e71d42a301e7feafae8

Download Submit
C:\Windows\svchost.exe

Filesize
35KB

MD5
2fe303a374fe98708fe0e243e932afc1

SHA1
4e480ff2935ff2cdc64332456b8320175dae4f79

SHA256
5aaf3cf98b37de6543cbafa934016534811fe2ae1521cc52cbd2e6a943300e8f

SHA512
3da2a748837b48d68ae7f1b50dbbb5be8212e45b18b7b89cf4116d6f53b1070c849f39030596a2e165ac8b852e98fde7923d3bd617983e71d42a301e7feafae8

Download Submit
\Users\Admin\AppData\Local\Temp\3ca2f83fe522500bbb8dd583b3a2a3c26b9ba4d024b5919a0f75aca8c9da575a.exe

Filesize
100KB

MD5
c8394f5825a4f6df4f2c181619d8dd5f

SHA1
6e4828a527cbf6e1a583296b17c1e7e22bda3e49

SHA256
b62a216f1ebf90afbb0263910ddf882404cf6c13f357abfadd76ddc7bccb684b

SHA512
175fccc3b7a5fdc49cb9b258422bebcc23dc1f1bede38b2ac465d42a2bd3ffc2b38cd2396442c44269b90848b88643c13a77b2493d0a3a6d907bed2684c30e46

Download Submit
\Users\Admin\AppData\Local\Temp\3ca2f83fe522500bbb8dd583b3a2a3c26b9ba4d024b5919a0f75aca8c9da575a.exe

Filesize
100KB

MD5
c8394f5825a4f6df4f2c181619d8dd5f

SHA1
6e4828a527cbf6e1a583296b17c1e7e22bda3e49

SHA256
b62a216f1ebf90afbb0263910ddf882404cf6c13f357abfadd76ddc7bccb684b

SHA512
175fccc3b7a5fdc49cb9b258422bebcc23dc1f1bede38b2ac465d42a2bd3ffc2b38cd2396442c44269b90848b88643c13a77b2493d0a3a6d907bed2684c30e46

Download Submit
memory/1324-59-0x0000000000000000-mapping.dmp

Download
memory/1536-54-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads