Analysis
- max time kernel: 183s
- max time network: 184s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29-10-2022 10:52
Static task: static1
Behavioral task: behavioral1
- Sample: aa2012b5ff1086366f6daff33b634516680093b633187910675565e889b1ccb2.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: aa2012b5ff1086366f6daff33b634516680093b633187910675565e889b1ccb2.exe
- Resource: win10v2004-20220812-en
General
- Target: aa2012b5ff1086366f6daff33b634516680093b633187910675565e889b1ccb2.exe
- Size: 352KB
- MD5: 863b0845fafa79af965ef4bdfddadfef
- SHA1: 9362f0465ad37e597bb0434b52644a57c488005a
- SHA256: aa2012b5ff1086366f6daff33b634516680093b633187910675565e889b1ccb2
- SHA512: ef751b0c0ea1e3e6d7fd4e32d31fba950e7ec0d4dc0662b3426e90b7b5a4d6bd2eb8afa7e3f73fe0f6503d4457fd5bae49d5926ed26963e60d10e91ebc4bbb71
- SSDEEP: 6144:/gfAXtImXAUS7/3NYzwF7/b8/mM2kwZ1ue35re0e84lt0g:1+m1A3NhFqUp5re3LKg
Malware Config
Signatures
- Drops file in Program Files directory (1 IoCs)

  | description | ioc | Process |
  | --- | --- | --- |
  | File created | C:\Program Files\Common Files\Microsoft Shared\MSINFO\FieleWay.txt | aa2012b5ff1086366f6daff33b634516680093b633187910675565e889b1ccb2.exe |

- Suspicious use of WriteProcessMemory (2 IoCs)

  | description | pid | Process | procid_target |
  | --- | --- | --- | --- |
  | PID 512 wrote to memory of 952 | 512 | aa2012b5ff1086366f6daff33b634516680093b633187910675565e889b1ccb2.exe | 81 |
  | PID 512 wrote to memory of 952 | 512 | aa2012b5ff1086366f6daff33b634516680093b633187910675565e889b1ccb2.exe | 81 |
Processes
- C:\Users\Admin\AppData\Local\Temp\aa2012b5ff1086366f6daff33b634516680093b633187910675565e889b1ccb2.exe "C:\Users\Admin\AppData\Local\Temp\aa2012b5ff1086366f6daff33b634516680093b633187910675565e889b1ccb2.exe" (PID:512)
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  - C:\program files\internet explorer\IEXPLORE.EXE "C:\program files\internet explorer\IEXPLORE.EXE" (PID:952)