Analysis

  • max time kernel
    88s
  • max time network
    91s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/10/2022, 13:46

General

  • Target

    63d8187ed7d4a129ba482b3e0ce3a885e4da52becd83714b4fcab20e658af7ee.exe

  • Size

    218KB

  • MD5

    702a4bda35eac5a0cec6bcdd24901cd5

  • SHA1

    0a9373bf95999db0ae512d2a7df46c2a98d6dcf8

  • SHA256

    63d8187ed7d4a129ba482b3e0ce3a885e4da52becd83714b4fcab20e658af7ee

  • SHA512

    e6dcbd06727b1ccfafa2657e64fe77d2df8b0ef4c58a6a379780b3f88dffa8259e6449cf7d1515ebadcd5b399652e3d1066219e05a14231caf81a4e8ad0724c6

  • SSDEEP

    3072:uUlUHnCkLzLB5yd52gbHD8CSp+cpK0eFVyQBseW9mZmxyew+fH:uikfLBR2D8j+cy+QjW9mZmYhgH

Score
6/10

Malware Config

Signatures

  • Checks installed software on the system (1 TTP)

    Enumerates entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list the software installed on the host, a common way to profile the victim or to spot analysis tooling before proceeding.

  • Maps connected drives based on registry (3 TTPs, 2 IoCs)

    Reads drive/disk information from the registry. Disk information is often read to detect sandboxed or virtualised environments, for example by checking device names for hypervisor vendor strings.

  • Drops file in Windows directory (1 IoC)
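The three signatures above are behavioural rules over process activity. The script below is an added example, not part of the Triage report or of Triage's own rule set: it replays equivalent rules over Procmon-style CSV events. Everything it assumes is labelled: the Procmon column layout, a threshold of three distinct Uninstall subkeys for "Checks installed software", HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum as the key behind "Maps connected drives" (a key commonly read to find hypervisor strings in disk names; the report does not name the key it saw), and a CreateFile with OpenResult: Created under C:\Windows\ for "Drops file in Windows directory". The event lines are constructed to exercise the rules, not captured from the sample.

```python
# Added example (not from the Triage report): replays the report's three
# behavioural signatures over Procmon-style registry/file events.
#
# Assumptions the report does not state:
#   * input is a Procmon CSV export with the default columns
#     "Time of Day","Process Name","PID","Operation","Path","Result","Detail"
#   * "Checks installed software" = one process touching >= UNINSTALL_MIN_SUBKEYS
#     distinct subkeys under ...\CurrentVersion\Uninstall
#   * "Maps connected drives based on registry" = a read of
#     HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum (commonly queried for
#     hypervisor strings in disk device names; the key the sandbox saw is unknown)
#   * "Drops file in Windows directory" = CreateFile under C:\Windows\ whose
#     Detail reports "OpenResult: Created"
# SAMPLE_CSV below is constructed test data, not a capture of the sample.
import csv
import io
import re
from collections import defaultdict

UNINSTALL_RE = re.compile(
    r"^HK(?:LM|CU)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion"
    r"\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)
DISK_ENUM_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\Disk\\Enum(?:\\|$)",
    re.IGNORECASE,
)
UNINSTALL_MIN_SUBKEYS = 3  # assumed threshold: benign apps often open one product key
WINDOWS_DIR = "c:\\windows\\"

SIG_SOFTWARE = "Checks installed software on the system"
SIG_DRIVES = "Maps connected drives based on registry"
SIG_DROP = "Drops file in Windows directory"

SAMPLE_CSV = r"""
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"1:46:03.1","sample.exe","908","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"1:46:03.1","sample.exe","908","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-0000-0000-0000-000000000001}\DisplayName","SUCCESS","Type: REG_SZ"
"1:46:03.1","sample.exe","908","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-0000-0000-0000-000000000002}\DisplayName","SUCCESS","Type: REG_SZ"
"1:46:03.2","sample.exe","908","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-0000-0000-0000-000000000003}\DisplayName","SUCCESS","Type: REG_SZ"
"1:46:03.2","sample.exe","908","RegQueryValue","HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ConstructedApp\DisplayName","NAME NOT FOUND","Length: 144"
"1:46:03.3","sample.exe","908","RegQueryValue","HKLM\System\CurrentControlSet\Services\Disk\Enum\0","SUCCESS","Type: REG_SZ"
"1:46:03.3","sample.exe","908","CreateFile","C:\Windows\System32\kernel32.dll","SUCCESS","Desired Access: Read Data, Disposition: Open, OpenResult: Opened"
"1:46:03.4","sample.exe","908","CreateFile","C:\Windows\constructed-example.dat","SUCCESS","Desired Access: Generic Write, Disposition: Create, OpenResult: Created"
"1:46:05.0","explorer.exe","1234","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-0000-0000-0000-000000000001}\DisplayIcon","SUCCESS","Type: REG_SZ"
"1:46:05.1","svchost.exe","456","RegQueryValue","HKLM\System\CurrentControlSet\Services\Disk\Start","SUCCESS","Type: REG_DWORD"
""".strip()


def parse_events(text):
    """Parse Procmon CSV text into a list of row dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def classify(events):
    """Return {pid: sorted list of signature names} for every PID that fired a rule."""
    uninstall_subkeys = defaultdict(set)  # pid -> distinct Uninstall subkeys touched
    hits = defaultdict(set)
    for ev in events:
        pid = int(ev["PID"])
        op, path, detail = ev["Operation"], ev["Path"], ev["Detail"]
        if op.startswith("Reg"):
            # Failed lookups still count: intent is what the rule is after.
            m = UNINSTALL_RE.match(path)
            if m:
                uninstall_subkeys[pid].add(m.group(1).lower())
            elif DISK_ENUM_RE.match(path):
                hits[pid].add(SIG_DRIVES)
        elif op == "CreateFile":
            if path.lower().startswith(WINDOWS_DIR) and "OpenResult: Created" in detail:
                hits[pid].add(SIG_DROP)
    for pid, keys in uninstall_subkeys.items():
        if len(keys) >= UNINSTALL_MIN_SUBKEYS:
            hits[pid].add(SIG_SOFTWARE)
    return {pid: sorted(sigs) for pid, sigs in hits.items()}


def scan(text):
    """Convenience wrapper: CSV text in, {pid: [signatures]} out."""
    return classify(parse_events(text))


if __name__ == "__main__":
    for pid, sigs in sorted(scan(SAMPLE_CSV).items()):
        print(pid, "->", "; ".join(sigs))
```

Opening the parent Uninstall key alone does not count toward the software-enumeration rule; only distinct product subkeys do, which is why the single explorer.exe lookup stays below the threshold while the sample's four subkeys (one of them a NAME NOT FOUND miss) trip it.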

Processes

  • C:\Users\Admin\AppData\Local\Temp\63d8187ed7d4a129ba482b3e0ce3a885e4da52becd83714b4fcab20e658af7ee.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\63d8187ed7d4a129ba482b3e0ce3a885e4da52becd83714b4fcab20e658af7ee.exe"
    PID: 908
    • Maps connected drives based on registry
    • Drops file in Windows directory

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/908-54-0x0000000075131000-0x0000000075133000-memory.dmp
    Filesize: 8KB

  • memory/908-55-0x0000000000180000-0x00000000001AF000-memory.dmp
    Filesize: 188KB

  • memory/908-59-0x00000000008B0000-0x00000000008D7000-memory.dmp
    Filesize: 156KB
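The dump names encode the process ID, a sequence number and the virtual address range that was captured. The script below is an added example, not part of the report: it parses those names, recomputes each region's size from its address range, checks the result against the Filesize the report prints, and applies a simple heuristic to pick the dump most likely to hold the sample's own image. The name layout memory/<pid>-<seq>-<start>-<end>-memory.dmp is inferred from the three names above, and the "low address, largest region" heuristic is an assumption of this example, not a statement from the report.

```python
# Added example (not from the Triage report): parse the report's memory-dump
# names, recompute region sizes, cross-check the listed Filesize, and pick the
# region most likely to contain the unpacked image.
#
# Assumptions: the name layout memory/<pid>-<seq>-<start>-<end>-memory.dmp is
# inferred from the three names in the report; the "likely image" heuristic
# (largest region below 0x70000000, i.e. outside the usual 32-bit system DLL
# range on Windows 7) is this example's own, not a rule stated by the report.
import re

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)
PAGE = 0x1000
SYSTEM_DLL_FLOOR = 0x70000000  # heuristic boundary, see module comment

# (name, Filesize) exactly as listed in the report.
REPORTED_DUMPS = [
    ("memory/908-54-0x0000000075131000-0x0000000075133000-memory.dmp", "8KB"),
    ("memory/908-55-0x0000000000180000-0x00000000001AF000-memory.dmp", "188KB"),
    ("memory/908-59-0x00000000008B0000-0x00000000008D7000-memory.dmp", "156KB"),
]


def parse_dump_name(name):
    """Split a dump name into pid/seq/start/end and derive the region size."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"end before start in {name}")
    if start % PAGE or end % PAGE:
        raise ValueError(f"region not page aligned in {name}")
    return {
        "name": name,
        "pid": int(m["pid"]),
        "seq": int(m["seq"]),
        "start": start,
        "end": end,
        "size": end - start,
    }


def size_label(nbytes):
    """Format a byte count the way the report prints Filesize (whole KB)."""
    return f"{nbytes // 1024}KB"


def check_dumps(dumps):
    """Parse every (name, reported size) pair and flag size mismatches."""
    rows = []
    for name, reported in dumps:
        d = parse_dump_name(name)
        d["reported"] = reported
        d["consistent"] = size_label(d["size"]) == reported
        rows.append(d)
    return rows


def likely_image_dump(rows):
    """Heuristic: largest region that sits below the system DLL range."""
    candidates = [r for r in rows if r["start"] < SYSTEM_DLL_FLOOR]
    return max(candidates, key=lambda r: r["size"]) if candidates else None


if __name__ == "__main__":
    rows = check_dumps(REPORTED_DUMPS)
    for r in rows:
        flag = "ok" if r["consistent"] else "MISMATCH"
        print(f"{r['name']}: 0x{r['size']:x} bytes = {size_label(r['size'])} ({flag})")
    best = likely_image_dump(rows)
    print("likely image region:", best["name"] if best else "none")
```

All three listed sizes agree with the address ranges, and the 188KB region at 0x180000 is the one to open first: it is the largest low-address region and is close to the 218KB on-disk size, whereas the 8KB region at 0x75131000 lies where 32-bit system DLLs are normally mapped on Windows 7.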