Overview

overview

8

Static

static

d410419974...b6.exe

windows7-x64

8

d410419974...b6.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    105s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-10-2022 23:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d410419974323d83b09be9adcdff48ba90618c9f55236bd7f234f5e07a3c5bb6.exe

  • Size

    566KB

  • MD5

    a391d70133d7d0fbc5f15f55319e2680

  • SHA1

    059499c00cefb45cc9e6d44591af2d3b83cd9b07

  • SHA256

    d410419974323d83b09be9adcdff48ba90618c9f55236bd7f234f5e07a3c5bb6

  • SHA512

    df53b184ac4f0439a38167d074b562d5867e66368147269251392ea9d8a113b744b6e107795a0e1dfc0c5b6696bb61db119f5671a9031806fb1a0ce472abb920

  • SSDEEP

    6144:s4UHFnuDk67fe2tlw9ay6qOxLfPcvgKVt18CRRVMMMMMM2MMMMM+:6luDk67Q23zKr1zRRaMMMMM2MMMMM+

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3060
      • C:\Users\Admin\AppData\Local\Temp\d410419974323d83b09be9adcdff48ba90618c9f55236bd7f234f5e07a3c5bb6.exe
        "C:\Users\Admin\AppData\Local\Temp\d410419974323d83b09be9adcdff48ba90618c9f55236bd7f234f5e07a3c5bb6.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1612
        • C:\Users\Admin\AppData\Local\Temp\d410419974323d83b09be9adcdff48ba90618c9f55236bd7f234f5e07a3c5bb6.com
          C:\Users\Admin\AppData\Local\Temp\d410419974323d83b09be9adcdff48ba90618c9f55236bd7f234f5e07a3c5bb6.com
          3⤵
          • Executes dropped EXE
          PID:1208

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\d410419974323d83b09be9adcdff48ba90618c9f55236bd7f234f5e07a3c5bb6.com
      Filesize

      477KB

      MD5

      5b0f1bc6e139a2283316d29e8e067163

      SHA1

      7737c70afe056b7f086b2b62b6463d0dc89dd235

      SHA256

      18e3089b4a263cf5c2ecec228d41a96e38e6b1374218ec8314c4dbab79521eb5

      SHA512

      39ffbad5a2f83016789a8645b132533a4dd3e01aee0a340090ef5ca662592e7e971519b839fe1c9346c7217b16aedac5dedf9b2da2c392859a2c7effe6d1ba73

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\d410419974323d83b09be9adcdff48ba90618c9f55236bd7f234f5e07a3c5bb6.com
      Filesize

      477KB

      MD5

      5b0f1bc6e139a2283316d29e8e067163

      SHA1

      7737c70afe056b7f086b2b62b6463d0dc89dd235

      SHA256

      18e3089b4a263cf5c2ecec228d41a96e38e6b1374218ec8314c4dbab79521eb5

      SHA512

      39ffbad5a2f83016789a8645b132533a4dd3e01aee0a340090ef5ca662592e7e971519b839fe1c9346c7217b16aedac5dedf9b2da2c392859a2c7effe6d1ba73

      Download Submit

    • memory/1208-132-0x0000000000000000-mapping.dmp

      Download