Analysis

  • max time kernel
    137s
  • max time network
    166s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/10/2022, 04:10

General

  • Target

    1661bfeadd166b7d801a56ec8941237fd7bb6bd8141030f0977bea41432e46f7.exe

  • Size

    318KB

  • MD5

    844514c2db426ce635783da6e031b781

  • SHA1

    6c096ce1c22af71236e70d0874263e71d2a96791

  • SHA256

    1661bfeadd166b7d801a56ec8941237fd7bb6bd8141030f0977bea41432e46f7

  • SHA512

    63e425cdc711b47e2d4068ba019adc10ab7f9a36a6304e788e68b5e706272b133158523ead8d43d281653eeb58334765c64f63cad602835523beb7d725fb3870

  • SSDEEP

    6144:YGP+lR74jyQZdo5V/0G1sxYcyorPmG1G3ISFcyt49a:YA+P7sXY0/xNugSy9a

Score
6/10

Malware Config

Signatures

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Maps connected drives based on registry (3 TTPs, 2 IoCs)

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in Windows directory (1 IoC)
  • Modifies system certificate store (2 TTPs, 6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1661bfeadd166b7d801a56ec8941237fd7bb6bd8141030f0977bea41432e46f7.exe
    "C:\Users\Admin\AppData\Local\Temp\1661bfeadd166b7d801a56ec8941237fd7bb6bd8141030f0977bea41432e46f7.exe"
    1
    • Maps connected drives based on registry
    • Drops file in Windows directory
    • Modifies system certificate store
    PID:1004

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1004-54-0x0000000075211000-0x0000000075213000-memory.dmp

    Filesize

    8KB

  • memory/1004-55-0x0000000000370000-0x000000000039F000-memory.dmp

    Filesize

    188KB

  • memory/1004-59-0x00000000033B0000-0x00000000033D7000-memory.dmp

    Filesize

    156KB