7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 23:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe
Size

432KB
MD5

31106c988a40ad9a884dd9040e0f8992
SHA1

848e60f82adf77fb4bfafe48ce7fb0857c1b4cac
SHA256

7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8
SHA512

ba46a4f6e49a4ac9c28021d0f370fdc5f254189b5af376ac9876fd8f59784aeed10a6c4349aa2a29188f57439e8b06436638ebc03874fab59f3cf6727901c54e
SSDEEP

6144:99AmL6pFZ0aTaYn1W0ugmvmOZzsz5czJltTBLvu9VYsi3n/9u2YDbX5:992LDKgmRsqtTVvuuQ2sJ

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1272	selkc.exe

Deletes itself 1 IoCs

pid	Process
2040	cmd.exe

Loads dropped DLL 2 IoCs

pid	Process
1632	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe
1632	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\selkc.exe	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe
File opened for modification	C:\Windows\SysWOW64\selkc.exe	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe
File opened for modification	C:\Windows\SysWOW64\xcopy.exe	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe
File created	C:\Windows\SysWOW64\tmp.bat	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 1272	1632	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe	28
PID 1632 wrote to memory of 1272	1632	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe	28
PID 1632 wrote to memory of 1272	1632	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe	28
PID 1632 wrote to memory of 1272	1632	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe	28
PID 1632 wrote to memory of 2040	1632	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe	30
PID 1632 wrote to memory of 2040	1632	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe	30
PID 1632 wrote to memory of 2040	1632	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe	30
PID 1632 wrote to memory of 2040	1632	7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe	30

C:\Users\Admin\AppData\Local\Temp\7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe
"C:\Users\Admin\AppData\Local\Temp\7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Windows\SysWOW64\selkc.exe
  C:\Windows\system32\selkc.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\system32\tmp.bat
  2⤵
  - Deletes itself
  PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\selkc.exe

Filesize
432KB

MD5
31106c988a40ad9a884dd9040e0f8992

SHA1
848e60f82adf77fb4bfafe48ce7fb0857c1b4cac

SHA256
7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8

SHA512
ba46a4f6e49a4ac9c28021d0f370fdc5f254189b5af376ac9876fd8f59784aeed10a6c4349aa2a29188f57439e8b06436638ebc03874fab59f3cf6727901c54e

Download Submit
C:\Windows\SysWOW64\tmp.bat

Filesize
303B

MD5
218b0efc6216dce3363177528f46a90c

SHA1
1bf0a8a9c2098a33a0f587d7cd7710c21944f68a

SHA256
8a34598229cab2d5b12de0add989c6ff26a072b56e06164a66ab610cea9cc953

SHA512
c0995d1183f5bf2e4eba21ee651d831cef6423e21744a190c0ce508b8b58a2091cb4635f28b5206d7363ca1bedad209ce643e90f14b775d43bdb350a9d0499d8

Download Submit
\Windows\SysWOW64\selkc.exe

Filesize
432KB

MD5
31106c988a40ad9a884dd9040e0f8992

SHA1
848e60f82adf77fb4bfafe48ce7fb0857c1b4cac

SHA256
7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8

SHA512
ba46a4f6e49a4ac9c28021d0f370fdc5f254189b5af376ac9876fd8f59784aeed10a6c4349aa2a29188f57439e8b06436638ebc03874fab59f3cf6727901c54e

Download Submit
\Windows\SysWOW64\selkc.exe

Filesize
432KB

MD5
31106c988a40ad9a884dd9040e0f8992

SHA1
848e60f82adf77fb4bfafe48ce7fb0857c1b4cac

SHA256
7e02ced34234edbc2743cdba707d342e260184f01b913b7d92f4638dad9063f8

SHA512
ba46a4f6e49a4ac9c28021d0f370fdc5f254189b5af376ac9876fd8f59784aeed10a6c4349aa2a29188f57439e8b06436638ebc03874fab59f3cf6727901c54e

Download Submit
memory/1632-54-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads