Overview

overview

10

Static

static

7f0d8248f9...ab.exe

windows7-x64

5

7f0d8248f9...ab.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    19s
  • max time network
    18s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-10-2022 21:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7f0d8248f9ab9ce3c044d67a677c85cf421a086da32d9756784fc820596f14ab.exe

  • Size

    144KB

  • MD5

    0c365cba15e598862209111406bf7f60

  • SHA1

    dccffca85d86b48c87211535f829af04b08f9658

  • SHA256

    7f0d8248f9ab9ce3c044d67a677c85cf421a086da32d9756784fc820596f14ab

  • SHA512

    457c4dd0c0192b31e5e4cf8c61004fea6aa80a4e6dfc404cbd47ee25780dc422ca1c070e9f08f6439bd59c9cbe7e2fb4066921d4213c4dae797ab9f30cd7be57

  • SSDEEP

    3072:1PX9R7EBKmMDhrrWjB5HRdo8g0Ec0p6LzgP+QiS:FNR7EBKPNr40/pUzu+

Score
10/10
netwirebotnetratstealer

Malware Config

Signatures

  • NetWire RAT payload 2 IoCs
    rat
  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f0d8248f9ab9ce3c044d67a677c85cf421a086da32d9756784fc820596f14ab.exe
    "C:\Users\Admin\AppData\Local\Temp\7f0d8248f9ab9ce3c044d67a677c85cf421a086da32d9756784fc820596f14ab.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1252
    • C:\Users\Admin\AppData\Local\Temp\7f0d8248f9ab9ce3c044d67a677c85cf421a086da32d9756784fc820596f14ab.exe
      "C:\Users\Admin\AppData\Local\Temp\7f0d8248f9ab9ce3c044d67a677c85cf421a086da32d9756784fc820596f14ab.exe"
      2⤵
        PID:2208
        • C:\Users\Admin\AppData\Roaming\Install\Host.exe
          "C:\Users\Admin\AppData\Roaming\Install\Host.exe"
          3⤵
            PID:4888
            • C:\Users\Admin\AppData\Roaming\Install\Host.exe
              "C:\Users\Admin\AppData\Roaming\Install\Host.exe"
              4⤵
                PID:4872

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Install\Host.exe
          Filesize

          86KB

          MD5

          39d8fc130e0609b69aa1061905987bd5

          SHA1

          9427e1bb79eb77c2b5456131ddcd36bbfc72aff0

          SHA256

          6f729a2c1e0b2f4d2afe9158a874c5d4cc3a4aa9e4f94d71c27b4b4492a7e533

          SHA512

          166edc50865ca6cf7c55c790ec61a74fdbd3527450c2d0d24eb1fc3ea2433329159d822528fc7ea1eb46ec5876aa4213ac44bc14de4cb2136ce4d64759911926

          Download Submit
        • C:\Users\Admin\AppData\Roaming\Install\Host.exe
          Filesize

          83KB

          MD5

          f77b42823349fff9209b68c4afa650dc

          SHA1

          78607df4bae0da8b5e2ba7c146832a1d6864cd58

          SHA256

          f8abe12bbf17d52a97a8cb0ef6c6c329cac25b69445e87741f7cd83499395f08

          SHA512

          148c365116b49586a30015e8786b047f03aaf2fa14e33b26c54907b7aeafc8a4a76e98237530408a66a104271cbe5e3fa187fbdec59ff6705a8d5cdacd2cac96

          Download Submit
        • C:\Users\Admin\AppData\Roaming\Install\Host.exe
          Filesize

          26KB

          MD5

          f34525bbdc6efb352f9164223a3c0c7c

          SHA1

          8647c766f715dc965ba614bb53cfe34a8db3ed98

          SHA256

          1ba82e55580547bdf17efdc3c2e32be4a6c49eab8e4a357e19b6aff42c8f5dfc

          SHA512

          655834b6c92032da4d6467f4b8201233314800ccdeccfbf659f373dbf3a06d310e48137a08820fc695ae5fa6f37f22fdded429f11936b92f3b554f1c96b392d5

          Download Submit
        • memory/1252-134-0x0000000000400000-0x0000000000425000-memory.dmp
          Filesize

          148KB

          Download
        • memory/1252-140-0x0000000000400000-0x0000000000425000-memory.dmp
          Filesize

          148KB

          Download
        • memory/1252-135-0x0000000000400000-0x0000000000425000-memory.dmp
          Filesize

          148KB

          Download
        • memory/2208-139-0x0000000000400000-0x0000000000418000-memory.dmp
          Filesize

          96KB

          Download
        • memory/2208-137-0x0000000000400000-0x0000000000418000-memory.dmp
          Filesize

          96KB

          Download
        • memory/2208-136-0x0000000000000000-mapping.dmp
          Download
        • memory/2208-144-0x0000000000400000-0x0000000000418000-memory.dmp
          Filesize

          96KB

          Download
        • memory/4872-149-0x0000000000000000-mapping.dmp
          Download
        • memory/4872-153-0x0000000000400000-0x0000000000418000-memory.dmp
          Filesize

          96KB

          Download
        • memory/4872-155-0x0000000000400000-0x0000000000418000-memory.dmp
          Filesize

          96KB

          Download
        • memory/4888-148-0x0000000000400000-0x0000000000425000-memory.dmp
          Filesize

          148KB

          Download
        • memory/4888-147-0x0000000000400000-0x0000000000425000-memory.dmp
          Filesize

          148KB

          Download
        • memory/4888-154-0x0000000000400000-0x0000000000425000-memory.dmp
          Filesize

          148KB

          Download
        • memory/4888-141-0x0000000000000000-mapping.dmp
          Download