Analysis

  • max time kernel
    133s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/10/2022, 01:17

General

  • Target

    cfad4dbcf2f9aabc257530905b2d5de584f5cfb36055b7dbd310d4eb03566b36.exe

  • Size

    39KB

  • MD5

    61806214628cc7eea7251e81afc6d590

  • SHA1

    fff09f792c61118a287919c5bc992331c74e66d0

  • SHA256

    cfad4dbcf2f9aabc257530905b2d5de584f5cfb36055b7dbd310d4eb03566b36

  • SHA512

    be072f6a66a4f92cd86055adf444cef1b60c744b660e8c26e30e374efba1dbf3878dfa0687fda4763279e1cc5e2dd5455424dfbf2e45bee416697423d3212d1e

  • SSDEEP

    768:0M9K1W09voU5IDfL3bDNx1jy0yu4GPRO/pDrw2E:0MVCp5IDvP1jy0yu4GPRmpDrwD

Score
8/10

Signatures

  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cfad4dbcf2f9aabc257530905b2d5de584f5cfb36055b7dbd310d4eb03566b36.exe
    "C:\Users\Admin\AppData\Local\Temp\cfad4dbcf2f9aabc257530905b2d5de584f5cfb36055b7dbd310d4eb03566b36.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4652
    • C:\Users\Admin\AppData\Local\Temp\ekrakdeep.exe
      C:\Users\Admin\AppData\Local\Temp\ekrakdeep.exe
      2⤵
      • Executes dropped EXE
      PID:4236

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ekrakdeep.exe

    Filesize

    39KB

    MD5

    d4cf6c95e1d33dc1abf31d815b29131e

    SHA1

    044a3e2d0e3ece04d189780c01c92be3a2308486

    SHA256

    1543c97dbc22cd20ad9204b490c91f3d610f25704c54c845c9e61f636a9dca6c

    SHA512

    20c087a7746d3e1fab8c24e41dfc1c9d380f8667e83c88a884aff3ded9f62a2cefca9d9f22f9ba7f106fbd4b903075a10bbc0d07354f562caf9437da46969a69

  • memory/4236-136-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

  • memory/4652-135-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB