Analysis

  • max time kernel
    142s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/10/2022, 02:02

General

  • Target

    57f030bef6345b045b57f70fd9c1e0f313a9ee1c7de49d162ccf98a23e12cba0.exe

  • Size

    31KB

  • MD5

    4afd665a8eda0c4ef61ea8a9b048da10

  • SHA1

    d69905f7341809eea4a65290be66bb2ac60b115a

  • SHA256

    57f030bef6345b045b57f70fd9c1e0f313a9ee1c7de49d162ccf98a23e12cba0

  • SHA512

    0a1fd436b8dc6bf11f86c1fe80a5f14baeda3943c8b0c598794d4c17180bb9be449cb470e2d0b33d772787a78410ebc0b794ab941f54089374d00be8e0a9c52c

  • SSDEEP

    768:gHjJZAil0nPs3witNBD1oH3X4RoZk4U+PpBwGjpYDI:2f+UgitXD1oXX4RoZk4U+Pp71YM

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\57f030bef6345b045b57f70fd9c1e0f313a9ee1c7de49d162ccf98a23e12cba0.exe
    "C:\Users\Admin\AppData\Local\Temp\57f030bef6345b045b57f70fd9c1e0f313a9ee1c7de49d162ccf98a23e12cba0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4976
    • C:\Users\Admin\AppData\Local\Temp\avgbrowse.exe
      C:\Users\Admin\AppData\Local\Temp\avgbrowse.exe
      2⤵
      • Executes dropped EXE
      PID:2804

Network

Downloads

  • C:\Users\Admin\AppData\Local\Temp\avgbrowse.exe

    Filesize
    31KB

    MD5
    96c2dfe49fc787d05da79d67d5cb3a0d

    SHA1
    fcc63bd0a5c956351018c8ee8092c73a89f8e60b

    SHA256
    de62d9034c8853f0bf30cbdd2b92297347aab1f3c3aa3e28186697aa5a231b4c

    SHA512
    120c7167209db3d8a0cf4c303d21770296099479550eef2e71556286e38ecc0df8cd1dc207572cf11f3f17027e4685b195646e17fc4a0b4856dca27a9b3ce5e2

  • memory/2804-139-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize
    40KB

  • memory/4976-136-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize
    40KB