fb085f48b3ff6a74056d0fec8f75c2bd078dbc3d984d21d74dd58ed809d1374f

Analysis

max time kernel
23s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 03:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb085f48b3ff6a74056d0fec8f75c2bd078dbc3d984d21d74dd58ed809d1374f.exe
Size

61KB
MD5

684f9d23b5c9044f98b4372898110700
SHA1

7bb5e432738044d6b1b24ac46e38713577394ed3
SHA256

fb085f48b3ff6a74056d0fec8f75c2bd078dbc3d984d21d74dd58ed809d1374f
SHA512

953252add3e7c0e9e59059de76017dcdf5176372f1a5fd594a172e0d9975bade592ca2a25a56d6808b1323ae1ac98b27a207fdbe482afa7fe076a34656647753
SSDEEP

768:oj7h5OJxbyoJYdyuxq1KiUR6pC57jJHAo1V635zVVnCK0FtGIHGIeJw2sx3oA:K2JFBYdLxq1KiULHN103kfGIHG9kNo

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2016	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1820	cmd.exe
1820	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 1820	1928	fb085f48b3ff6a74056d0fec8f75c2bd078dbc3d984d21d74dd58ed809d1374f.exe	28
PID 1928 wrote to memory of 1820	1928	fb085f48b3ff6a74056d0fec8f75c2bd078dbc3d984d21d74dd58ed809d1374f.exe	28
PID 1928 wrote to memory of 1820	1928	fb085f48b3ff6a74056d0fec8f75c2bd078dbc3d984d21d74dd58ed809d1374f.exe	28
PID 1928 wrote to memory of 1820	1928	fb085f48b3ff6a74056d0fec8f75c2bd078dbc3d984d21d74dd58ed809d1374f.exe	28
PID 1820 wrote to memory of 2016	1820	cmd.exe	29
PID 1820 wrote to memory of 2016	1820	cmd.exe	29
PID 1820 wrote to memory of 2016	1820	cmd.exe	29
PID 1820 wrote to memory of 2016	1820	cmd.exe	29

C:\Users\Admin\AppData\Local\Temp\fb085f48b3ff6a74056d0fec8f75c2bd078dbc3d984d21d74dd58ed809d1374f.exe
"C:\Users\Admin\AppData\Local\Temp\fb085f48b3ff6a74056d0fec8f75c2bd078dbc3d984d21d74dd58ed809d1374f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1820
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
61KB

MD5
e35d81df1532c7eaae9d3b5cab57a7f3

SHA1
5f742ac9a6abd9fb8450be0f1543acf1b3dc0306

SHA256
bc04b49d54a0600035be12eb3d22120ccb5392d6eefab766ff1acd4b710ebca2

SHA512
dd4c08dcdcec298cc41379c1546143b0c25da98e6a536d1c35d1c3f78244b970dae44ec36252da04874a3e9944cbc33b4b45ecbc9aa5edb85d2a12ab7ff3dff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
61KB

MD5
e35d81df1532c7eaae9d3b5cab57a7f3

SHA1
5f742ac9a6abd9fb8450be0f1543acf1b3dc0306

SHA256
bc04b49d54a0600035be12eb3d22120ccb5392d6eefab766ff1acd4b710ebca2

SHA512
dd4c08dcdcec298cc41379c1546143b0c25da98e6a536d1c35d1c3f78244b970dae44ec36252da04874a3e9944cbc33b4b45ecbc9aa5edb85d2a12ab7ff3dff9

Download Submit
\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
61KB

MD5
e35d81df1532c7eaae9d3b5cab57a7f3

SHA1
5f742ac9a6abd9fb8450be0f1543acf1b3dc0306

SHA256
bc04b49d54a0600035be12eb3d22120ccb5392d6eefab766ff1acd4b710ebca2

SHA512
dd4c08dcdcec298cc41379c1546143b0c25da98e6a536d1c35d1c3f78244b970dae44ec36252da04874a3e9944cbc33b4b45ecbc9aa5edb85d2a12ab7ff3dff9

Download Submit
\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
61KB

MD5
e35d81df1532c7eaae9d3b5cab57a7f3

SHA1
5f742ac9a6abd9fb8450be0f1543acf1b3dc0306

SHA256
bc04b49d54a0600035be12eb3d22120ccb5392d6eefab766ff1acd4b710ebca2

SHA512
dd4c08dcdcec298cc41379c1546143b0c25da98e6a536d1c35d1c3f78244b970dae44ec36252da04874a3e9944cbc33b4b45ecbc9aa5edb85d2a12ab7ff3dff9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads