b7fc68653c4d32be7f3180abb0cffdfcb61c796adaa18ac4d58062bae83aaefa

Analysis

max time kernel
43s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/10/2022, 06:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b.exe
Size

1.9MB
MD5

f6ed15763205da5fc35bc6af8ad1f000
SHA1

e95b9750d5323fe4b0a3949945590ebb0de149bf
SHA256

b7fc68653c4d32be7f3180abb0cffdfcb61c796adaa18ac4d58062bae83aaefa
SHA512

ca6d9f3f0956bf03b917d9c45c881a4672e6553eb5dd7de22ddb4a61fd9d5b7bab04cd5efa9693561e3c327bb31045f475fd78bb6af08ed8cbf620260a720b25
SSDEEP

24576:z7FUDowAyrTVE3U5FmdpDAI4oafbLHGE5x7awFhJdNo69lOy7KTijlN:zBuZrEUwD+oafv55DdN7POGjr

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1632	b.tmp

Loads dropped DLL 2 IoCs

pid	Process
896	b.exe
1632	b.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 896 wrote to memory of 1632	896	b.exe	27
PID 896 wrote to memory of 1632	896	b.exe	27
PID 896 wrote to memory of 1632	896	b.exe	27
PID 896 wrote to memory of 1632	896	b.exe	27
PID 896 wrote to memory of 1632	896	b.exe	27
PID 896 wrote to memory of 1632	896	b.exe	27
PID 896 wrote to memory of 1632	896	b.exe	27

C:\Users\Admin\AppData\Local\Temp\b.exe
"C:\Users\Admin\AppData\Local\Temp\b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:896
- C:\Users\Admin\AppData\Local\Temp\is-FMHFQ.tmp\b.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-FMHFQ.tmp\b.tmp" /SL5="$60124,1135239,832512,C:\Users\Admin\AppData\Local\Temp\b.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-FMHFQ.tmp\b.tmp

Filesize
3.0MB

MD5
77d406991227cc35026e45fe0411b3b5

SHA1
3d1a314aa86c24e84e97782c7c093a4d7f972f4d

SHA256
0f4f707356ffab07e4764773c06573f2dbf253309e136f220cef0419c6c644e3

SHA512
f61e3a9d8c573c444519300e3f3a6d12d48ea1c43cbde7835d0fe871e997d2f75589b4c8e9896903d062e68b1313cb141e41269281a7b78f8ea86c3c510a4501

Download Submit
\Users\Admin\AppData\Local\Temp\is-FMHFQ.tmp\b.tmp

Filesize
3.0MB

MD5
77d406991227cc35026e45fe0411b3b5

SHA1
3d1a314aa86c24e84e97782c7c093a4d7f972f4d

SHA256
0f4f707356ffab07e4764773c06573f2dbf253309e136f220cef0419c6c644e3

SHA512
f61e3a9d8c573c444519300e3f3a6d12d48ea1c43cbde7835d0fe871e997d2f75589b4c8e9896903d062e68b1313cb141e41269281a7b78f8ea86c3c510a4501

Download Submit
\Users\Admin\AppData\Local\Temp\is-GGNSL.tmp\tava.dll

Filesize
339KB

MD5
8f1ff631e1c3918ba0d731673994d5cb

SHA1
93b9337010e346afc546f3fd733a52aa38dba77f

SHA256
fe81ed8671a5384d55299eef4ad679f6f5a080ad69cb072865327fe93ed85cbd

SHA512
4f68d6aac354640d3cb578b64f5f3d141ce143dbec47ea92fd841c061ba3b7a92c91c386df428fde86eba625c404a0e3145d4585a6cc6dcc322bf48e62e004bd

Download Submit
memory/896-54-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download
memory/896-55-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/896-62-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/896-63-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads