Overview

overview

6

Static

static

224a7ec8fb...38.exe

windows7-x64

6

224a7ec8fb...38.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    113s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/10/2022, 00:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    224a7ec8fb70ef9e071d5062a93cbf83b1b7594957d885e74da4f7ff58a21238.exe

  • Size

    634KB

  • MD5

    2d2481ee1f271adc201b8f1cc9878ec3

  • SHA1

    2424e06c2b4de0ed1fcc4a62960002f28b7aa6b9

  • SHA256

    224a7ec8fb70ef9e071d5062a93cbf83b1b7594957d885e74da4f7ff58a21238

  • SHA512

    57e7acdae5b5170ac875367dd29bf16e78cc48213543098e33e50f198df56b868e8ed30e184f3fa7fdade41891fdf8b51727eeea64f1f0e7969f0687b0af06fa

  • SSDEEP

    12288:m1kJ4FdktcZ9vj7TMD970Lrq9fodMBv78hI2+aGMScEzsGnF:TJ4LvHbu7v9giv7vfaGDccsu

Score
6/10

Malware Config

Signatures

  • Drops desktop.ini file(s) 2 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 25 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\224a7ec8fb70ef9e071d5062a93cbf83b1b7594957d885e74da4f7ff58a21238.exe
    "C:\Users\Admin\AppData\Local\Temp\224a7ec8fb70ef9e071d5062a93cbf83b1b7594957d885e74da4f7ff58a21238.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4916
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      dw20.exe -x -s 1712
      2⤵
      • Drops file in Windows directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:4768

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4916-142-0x0000000076AC0000-0x0000000076D41000-memory.dmp

          Filesize

          2.5MB

          Download

        • memory/4916-144-0x0000000073710000-0x000000007376B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/4916-135-0x0000000000D60000-0x0000000000E50000-memory.dmp

          Filesize

          960KB

          Download

        • memory/4916-136-0x00000000768A0000-0x0000000076AB5000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/4916-137-0x00000000749F0000-0x0000000074FA1000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/4916-138-0x0000000075DD0000-0x0000000076383000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/4916-139-0x00000000028F0000-0x000000000292D000-memory.dmp

          Filesize

          244KB

          Download

        • memory/4916-140-0x0000000000D60000-0x0000000000E50000-memory.dmp

          Filesize

          960KB

          Download

        • memory/4916-141-0x00000000749F0000-0x0000000074FA1000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/4916-132-0x0000000000D60000-0x0000000000E50000-memory.dmp

          Filesize

          960KB

          Download

        • memory/4916-134-0x00000000028F0000-0x000000000292D000-memory.dmp

          Filesize

          244KB

          Download

        • memory/4916-145-0x00000000749F0000-0x0000000074FA1000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/4916-143-0x00000000764B0000-0x0000000076593000-memory.dmp

          Filesize

          908KB

          Download

        • memory/4916-146-0x0000000072EE0000-0x0000000072EFE000-memory.dmp

          Filesize

          120KB

          Download

        • memory/4916-147-0x0000000072EC0000-0x0000000072EC8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/4916-148-0x0000000072BB0000-0x0000000072E8E000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/4916-149-0x0000000072B20000-0x0000000072BAD000-memory.dmp

          Filesize

          564KB

          Download

        • memory/4916-133-0x0000000000D60000-0x0000000000E50000-memory.dmp

          Filesize

          960KB

          Download

        • memory/4916-151-0x0000000000D60000-0x0000000000E50000-memory.dmp

          Filesize

          960KB

          Download

        • memory/4916-152-0x00000000028F0000-0x000000000292D000-memory.dmp

          Filesize

          244KB

          Download

        • memory/4916-153-0x00000000749F0000-0x0000000074FA1000-memory.dmp

          Filesize

          5.7MB

          Download