Overview

overview

8

Static

static

21fc401452...65.exe

windows7-x64

8

21fc401452...65.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    145s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19/10/2022, 23:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21fc401452383bf8dedc6f3cb1c4d40d770a99bd51f60294f4a33fae3fdb5165.exe

  • Size

    37KB

  • MD5

    a1d4c487401c4d108a5c0a2f2ba53cf0

  • SHA1

    1c2ffce2125179ae02a3731c80d27bcfa77e110f

  • SHA256

    21fc401452383bf8dedc6f3cb1c4d40d770a99bd51f60294f4a33fae3fdb5165

  • SHA512

    ed1ba426ce130786ba62526452e4d6d68e41589b8a39f26a8f2fb7ef66c38f719946dbaaed0549659358f9fb0a47f09d595e59406c0619edcd39e2df8b22e164

  • SSDEEP

    768:ck0S8mnXg9yKHBK28cKgmOHlcGleXLQLT2BQLrYhL:MS/XlKhKlcKgmOHlcGleXLQLT2BQ

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21fc401452383bf8dedc6f3cb1c4d40d770a99bd51f60294f4a33fae3fdb5165.exe
    "C:\Users\Admin\AppData\Local\Temp\21fc401452383bf8dedc6f3cb1c4d40d770a99bd51f60294f4a33fae3fdb5165.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Users\Admin\AppData\Local\Temp\adivokar.exe
      C:\Users\Admin\AppData\Local\Temp\adivokar.exe
      2⤵
      • Executes dropped EXE
      • Deletes itself
      PID:1956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\LogAdivokar.txt
    Filesize

    206B

    MD5

    df9394fa6f6191ef8801bddde8a1df9d

    SHA1

    1c67c1761a54e96488f87218c73eaacb410ea9d4

    SHA256

    0b1d1e56154743e1b60aa0b581c65d1748074d58c9002139cd8d96d3b10b4a48

    SHA512

    29bdc882f4ff0dcb39691fbf55b36e5f3239f484cda93c09cb42b5fb0e3622d907666555baf39cc08002ce310f1f0bf7d6c0aa9ff96d10d213054ab752408e6b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\adivokar.exe
    Filesize

    37KB

    MD5

    a1d4c487401c4d108a5c0a2f2ba53cf0

    SHA1

    1c2ffce2125179ae02a3731c80d27bcfa77e110f

    SHA256

    21fc401452383bf8dedc6f3cb1c4d40d770a99bd51f60294f4a33fae3fdb5165

    SHA512

    ed1ba426ce130786ba62526452e4d6d68e41589b8a39f26a8f2fb7ef66c38f719946dbaaed0549659358f9fb0a47f09d595e59406c0619edcd39e2df8b22e164

    Download Submit

  • \Users\Admin\AppData\Local\Temp\adivokar.exe
    Filesize

    37KB

    MD5

    a1d4c487401c4d108a5c0a2f2ba53cf0

    SHA1

    1c2ffce2125179ae02a3731c80d27bcfa77e110f

    SHA256

    21fc401452383bf8dedc6f3cb1c4d40d770a99bd51f60294f4a33fae3fdb5165

    SHA512

    ed1ba426ce130786ba62526452e4d6d68e41589b8a39f26a8f2fb7ef66c38f719946dbaaed0549659358f9fb0a47f09d595e59406c0619edcd39e2df8b22e164

    Download Submit

  • memory/1956-61-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2044-54-0x0000000075F81000-0x0000000075F83000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2044-58-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download