Analysis

  • max time kernel
    146s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/10/2022, 01:44

General

  • Target

    8212824085bc39e909dd745900c6c59357bda8328baa35e67238bfd53e9c1fb1.exe

  • Size

    39KB

  • MD5

    0bec8bec2719220174770f6be2670a70

  • SHA1

    3650952706809567c9ad154aa0534b4205812f37

  • SHA256

    8212824085bc39e909dd745900c6c59357bda8328baa35e67238bfd53e9c1fb1

  • SHA512

    0360da04a26b3f1fd8663c0d92a454de44688d9882fe7ff3cef7fbbc323895fa9bc956948b06d0148895a31dc62e095399a8735ef95c75779aed46314f4c6241

  • SSDEEP

    768:eKRylReBzok4ZVsr/i5ZDDynrpwRdWUAohfjiT5edir:rQK6e/inerpwr0qfWT5Me

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8212824085bc39e909dd745900c6c59357bda8328baa35e67238bfd53e9c1fb1.exe
    "C:\Users\Admin\AppData\Local\Temp\8212824085bc39e909dd745900c6c59357bda8328baa35e67238bfd53e9c1fb1.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: RenamesItself
    PID:1696
  • C:\Windows\SysWOW64\rcflye.exe
    C:\Windows\SysWOW64\rcflye.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    PID:944
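The process tree above shows a binary running from the user's Temp directory writing an executable into SysWOW64, that executable then running as PID 944, dropping a DLL into the same directory and loading it. Below is a minimal event correlation that flags that drop-then-execute chain, added here as an example and not part of the sandbox report or any vendor rule set. The Sysmon-style event records inside it are constructed to mirror the tree above (the sandbox shows both processes at the same tree depth and records no parent link between PID 1696 and PID 944, so the check keys on the dropped path, not on parentage); the regexes for "system directory" and "user-writable temp path" are this example's own choices.

```python
"""Correlate Sysmon-style FileCreate / ProcessCreate / ImageLoad events to
flag the drop-then-execute chain seen in the process tree above.

Added example, not part of the sandbox report. Event records are constructed
for illustration and use Sysmon field names (EventID 11 FileCreate,
EventID 1 ProcessCreate, EventID 7 ImageLoad).
"""
import re

# Writes into these directories by an untrusted writer are what we track.
SYSTEM_DIR = re.compile(r"^c:\\windows\\(system32|syswow64)\\", re.I)
# A writer running from a per-user temp directory is treated as untrusted.
USER_WRITABLE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\8212824085bc39e909dd745900c6c59357bda8328baa35e67238bfd53e9c1fb1.exe"
RCFLYE = r"C:\Windows\SysWOW64\rcflye.exe"
GEI33 = r"C:\Windows\SysWOW64\gei33.dll"

# Constructed event stream mirroring the report's process tree, followed by
# two benign events that must not fire.
EVENTS = [
    {"EventID": 1, "ProcessId": 1696, "Image": SAMPLE},
    {"EventID": 11, "ProcessId": 1696, "Image": SAMPLE, "TargetFilename": RCFLYE},
    {"EventID": 1, "ProcessId": 944, "Image": RCFLYE},
    {"EventID": 11, "ProcessId": 944, "Image": RCFLYE, "TargetFilename": GEI33},
    {"EventID": 7, "ProcessId": 944, "Image": RCFLYE, "ImageLoaded": GEI33},
    # benign: a system process writing into its own directory is not tracked
    {"EventID": 11, "ProcessId": 500, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\System32\example.dll"},
    {"EventID": 1, "ProcessId": 1200, "Image": r"C:\Windows\System32\notepad.exe"},
]


def correlate(events):
    """Single pass over time-ordered events; returns a list of alert dicts.

    `dropped` maps the lower-cased path of a suspicious write into a system
    directory to the image that wrote it. A write is suspicious when the
    writer runs from a user-writable temp path, or is itself a previously
    dropped binary, so taint follows the chain sample -> rcflye.exe -> gei33.dll.
    An alert fires when a tracked path is later executed (EventID 1) or
    loaded as an image (EventID 7).
    """
    dropped = {}
    alerts = []
    for ev in events:
        writer = ev["Image"].lower()
        if ev["EventID"] == 11:
            target = ev["TargetFilename"].lower()
            tainted = bool(USER_WRITABLE.match(writer)) or writer in dropped
            if tainted and SYSTEM_DIR.match(target) and target.endswith((".exe", ".dll")):
                dropped[target] = writer
        elif ev["EventID"] == 1 and writer in dropped:
            alerts.append({"kind": "executed", "path": writer,
                           "pid": ev["ProcessId"], "dropper": dropped[writer]})
        elif ev["EventID"] == 7:
            loaded = ev["ImageLoaded"].lower()
            if loaded in dropped:
                alerts.append({"kind": "loaded", "path": loaded,
                               "pid": ev["ProcessId"], "dropper": dropped[loaded]})
    return alerts


if __name__ == "__main__":
    for a in correlate(EVENTS):
        print(f"{a['kind']:8} pid={a['pid']} {a['path']}  (written by {a['dropper']})")
```

On the constructed stream this yields two alerts: rcflye.exe executed as PID 944 after being written by the Temp-resident sample, and gei33.dll loaded by PID 944 after being written by rcflye.exe. The two benign events produce nothing because neither writer is untrusted and notepad.exe was never dropped.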

Network

        MITRE ATT&CK Enterprise v6


        Downloads

        • C:\Windows\SysWOW64\rcflye.exe

          Filesize

          39KB

          MD5

          0bec8bec2719220174770f6be2670a70

          SHA1

          3650952706809567c9ad154aa0534b4205812f37

          SHA256

          8212824085bc39e909dd745900c6c59357bda8328baa35e67238bfd53e9c1fb1

          SHA512

          0360da04a26b3f1fd8663c0d92a454de44688d9882fe7ff3cef7fbbc323895fa9bc956948b06d0148895a31dc62e095399a8735ef95c75779aed46314f4c6241

        • \Windows\SysWOW64\gei33.dll

          Filesize

          51KB

          MD5

          310b1d0bcc0291008ad7c0b8db293875

          SHA1

          237f75d45280d0eb5b996a82f493315f0bb55d60

          SHA256

          d9b593e8c142a46843e7ce1d9e9be79689160a3fd39927efaceb454fae5cbdc1

          SHA512

          f4d57b3e5d8ecaecab2c7b479508e3376a5561730a1aed7a62a9d79b02a92b62f45b8c02ad26c96a5bffcfef5351cf23562ed29c35324c101e8e02503f1d7a21

        • memory/944-57-0x00000000766D1000-0x00000000766D3000-memory.dmp

          Filesize

          8KB
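The MD5, SHA1, SHA256 and SHA512 listed for the dropped C:\Windows\SysWOW64\rcflye.exe are identical to those of the submitted sample, so the drop is a byte-for-byte self-copy and gei33.dll is the only distinct artefact on disk. The script below turns the listed indicators into an offline file-system sweep; it is an added example and not part of the report or any vendor tooling. The hash values and file names are copied from the report; the filename-only rule and the downgraded treatment of an MD5-only hit are design choices of this example.

```python
"""Offline sweep for the indicators listed in the sandbox report above.

Added example, not part of the report. Digests and drop names are copied from
the report; the matching policy (SHA-256 authoritative, MD5-only weak,
filename-only weakest) is this example's own.
"""
import hashlib
from pathlib import Path

# Indicators copied from the report. The sample and its self-copy
# SysWOW64\rcflye.exe share every digest, so one entry covers both.
IOC = {
    "8212824085bc39e909dd745900c6c59357bda8328baa35e67238bfd53e9c1fb1": {
        "md5": "0bec8bec2719220174770f6be2670a70",
        "sha1": "3650952706809567c9ad154aa0534b4205812f37",
        "label": "submitted sample / self-copy C:\\Windows\\SysWOW64\\rcflye.exe",
    },
    "d9b593e8c142a46843e7ce1d9e9be79689160a3fd39927efaceb454fae5cbdc1": {
        "md5": "310b1d0bcc0291008ad7c0b8db293875",
        "sha1": "237f75d45280d0eb5b996a82f493315f0bb55d60",
        "label": "dropped C:\\Windows\\SysWOW64\\gei33.dll",
    },
}
MD5_INDEX = {v["md5"]: k for k, v in IOC.items()}
DROPPED_NAMES = {"rcflye.exe", "gei33.dll"}
ALGOS = ("md5", "sha1", "sha256")


def digests(data: bytes) -> dict:
    """md5/sha1/sha256 of an in-memory blob."""
    return {n: hashlib.new(n, data).hexdigest() for n in ALGOS}


def digests_of_file(path, chunk=1 << 20) -> dict:
    """Same digests for a file on disk, streamed so large files do not load whole."""
    hs = {n: hashlib.new(n) for n in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {n: h.hexdigest() for n, h in hs.items()}


def classify(name: str, d: dict):
    """Return a verdict string, or None when nothing in the report matches.

    SHA-256 is authoritative. An MD5 hit whose SHA-256 differs is reported
    separately and marked weak: MD5 collisions are cheap to construct and some
    feeds only carry MD5. A bare filename hit is weaker still, but the names
    rcflye.exe / gei33.dll in SysWOW64 are worth a look even for a variant.
    """
    if d["sha256"] in IOC:
        return "sha256 match: " + IOC[d["sha256"]]["label"]
    if d["md5"] in MD5_INDEX:
        return ("md5-only match, sha256 differs (weak): "
                + IOC[MD5_INDEX[d["md5"]]]["label"])
    if name.lower() in DROPPED_NAMES:
        return "filename matches a dropped file, digests differ (possible variant)"
    return None


def scan(root) -> list:
    """Walk `root` and return (path, verdict) for every file that matches."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file():
            verdict = classify(p.name, digests_of_file(p))
            if verdict:
                hits.append((str(p), verdict))
    return hits


if __name__ == "__main__":
    import sys
    for path, verdict in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict}\t{path}")
```

Run it against a mounted image or a suspect host's Windows directory (`python sweep.py D:\Windows`); the report's SysWOW64 paths are where the sandbox saw the drops, but the self-copy behaviour means the same digest may appear under other names, which is why the sweep keys on digests first and on names last.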