Overview

overview

3

Static

static

3c3480b2dd...de.exe

windows7-x64

1

3c3480b2dd...de.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    3s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29/10/2022, 06:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3c3480b2dd7717b3868d1c002c65391928e8aa7692cd71675e3e68f11ad364de.exe

  • Size

    48KB

  • MD5

    706caf4648bcd024c90f8846bf731c2c

  • SHA1

    00a3abb8ac26ce55cf1ea804348cd4ae84fe7b53

  • SHA256

    3c3480b2dd7717b3868d1c002c65391928e8aa7692cd71675e3e68f11ad364de

  • SHA512

    6f3bd540b1f14622bdd8a5f1e3b679f66f8940d59bc49ddabbebe11c5b0520699eec7fa21f5713f704f3becd1cbada2cbf35fb447d1f6b1137e3b3af1ffae590

  • SSDEEP

    768:4H9TEMfH0axeQXkMjP8X+uZMLTdixaz8SUQVIMoX6ghnK3U:4HhRv0Zowqh84ti6eK3U

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c3480b2dd7717b3868d1c002c65391928e8aa7692cd71675e3e68f11ad364de.exe
    "C:\Users\Admin\AppData\Local\Temp\3c3480b2dd7717b3868d1c002c65391928e8aa7692cd71675e3e68f11ad364de.exe"
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Windows\SysWOW64\netsh.exe
      "C:\Windows\SysWOW64\netsh.exe"
      2⤵
        PID:968

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\3565\cf69488d
            Filesize

            32B

            MD5

            37c6390dd905b3159cc5be0b513360df

            SHA1

            d1fc5d4c936a0e5d39492b8d8871a3ec551915a9

            SHA256

            30bfe203488ff6f7f275ae0c4187467599b1b9005f01e48edd95d0feb8b842b0

            SHA512

            cef48ef4725bd62ed5b4d36296fa047c48d842b6e9d5a2f16e9cbc11244cfa42088dd0cc47116c1c3a041c439026bb03a5ce73c2e3e05fae65d5efcffb526391

            Download Submit

          • C:\Users\Admin\AppData\Roaming\-815183731
            Filesize

            206B

            MD5

            07b25a27c3781daadb49a20afd62faba

            SHA1

            57569476e1d7a53464812b508de3f9df504d74b5

            SHA256

            381b422b33574ae9b0880ae5c81f9cbe56b02c0a7dc6d9745c96e9a5eb43bc0b

            SHA512

            dd15112245ff9473eeea006952c3b855d5e0e423276b8cc29890fb9d435d171030d7c00096832efeaa21462e8dfb1b354ce561b9c48399330cffaec0b041652a

            Download Submit

          • memory/968-63-0x0000000000080000-0x000000000008C000-memory.dmp

            Filesize

            48KB

            Download

          • memory/968-62-0x0000000000D00000-0x0000000000D1B000-memory.dmp

            Filesize

            108KB

            Download

          • memory/1732-54-0x0000000000230000-0x0000000000244000-memory.dmp

            Filesize

            80KB

            Download

          • memory/1732-55-0x0000000075771000-0x0000000075773000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1732-58-0x0000000000230000-0x0000000000244000-memory.dmp

            Filesize

            80KB

            Download

          • memory/1732-57-0x0000000000400000-0x0000000000414000-memory.dmp

            Filesize

            80KB

            Download