Overview

overview

8

Static

static

52c87f4ba4...5e.exe

windows7-x64

8

52c87f4ba4...5e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    146s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    03-10-2022 01:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    52c87f4ba468fde2b9a939a8d9e4606aa348149f6ff20b5e9ccd6186b1400f5e.exe

  • Size

    36KB

  • MD5

    36d923636c5c4b322bf78910f3312ba0

  • SHA1

    7fbae0066b4d62ecddd78cd86346e5989ba7987d

  • SHA256

    52c87f4ba468fde2b9a939a8d9e4606aa348149f6ff20b5e9ccd6186b1400f5e

  • SHA512

    577dafc53064b894a1356b29ff021c3dac9b5906791267d1fc5b15af7e2a693b1bbe6ba137f980c1ea02d154524521ecc1aed9a335294228530afad50dad78e3

  • SSDEEP

    768:kffMdWzw42FW7Soqd13OPwie77nI6OjiISEUhK/YzAsW:Y/zw42FIxqKm77nI6OjiISEUhKWAb

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\52c87f4ba468fde2b9a939a8d9e4606aa348149f6ff20b5e9ccd6186b1400f5e.exe
    "C:\Users\Admin\AppData\Local\Temp\52c87f4ba468fde2b9a939a8d9e4606aa348149f6ff20b5e9ccd6186b1400f5e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1324
    • C:\Users\Admin\AppData\Local\Temp\camexehday.exe
      C:\Users\Admin\AppData\Local\Temp\camexehday.exe
      2⤵
      • Executes dropped EXE
      • Deletes itself
      PID:828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Came7A243241C.txt
    Filesize

    206B

    MD5

    545b520bdfd8ad9d164302cd716d0fbf

    SHA1

    c9e25fa00e484c9fd267a7bd0d8d664dcee6e3ad

    SHA256

    d09c925209bab6ae4d3f49ba9bb5de9f53b4e67c03234811d9cd70f45a82e9bd

    SHA512

    47634479dd09f9f6d0fd0bd0520920b5b3031757846a1ce92eadb43b48bc19b0e1449eae783a053816f22260bf9211a3d684e3ae1688343177997c4f46fa081d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\camexehday.exe
    Filesize

    36KB

    MD5

    36d923636c5c4b322bf78910f3312ba0

    SHA1

    7fbae0066b4d62ecddd78cd86346e5989ba7987d

    SHA256

    52c87f4ba468fde2b9a939a8d9e4606aa348149f6ff20b5e9ccd6186b1400f5e

    SHA512

    577dafc53064b894a1356b29ff021c3dac9b5906791267d1fc5b15af7e2a693b1bbe6ba137f980c1ea02d154524521ecc1aed9a335294228530afad50dad78e3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\camexehday.exe
    Filesize

    36KB

    MD5

    36d923636c5c4b322bf78910f3312ba0

    SHA1

    7fbae0066b4d62ecddd78cd86346e5989ba7987d

    SHA256

    52c87f4ba468fde2b9a939a8d9e4606aa348149f6ff20b5e9ccd6186b1400f5e

    SHA512

    577dafc53064b894a1356b29ff021c3dac9b5906791267d1fc5b15af7e2a693b1bbe6ba137f980c1ea02d154524521ecc1aed9a335294228530afad50dad78e3

    Download Submit

  • memory/828-61-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1324-54-0x0000000075AC1000-0x0000000075AC3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1324-58-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download