Analysis
max time kernel: 180s
max time network: 188s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30-10-2022 08:16
Static task: static1
Behavioral task: behavioral1
  Sample: b2e846ba51f653fb7a411adafe9af797fd765d1e23ff1e2f85f0884b83af74de.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: b2e846ba51f653fb7a411adafe9af797fd765d1e23ff1e2f85f0884b83af74de.exe
  Resource: win10v2004-20220812-en
General
Target: b2e846ba51f653fb7a411adafe9af797fd765d1e23ff1e2f85f0884b83af74de.exe
Size: 36KB
MD5: 935978a1f4c525e9f359b7b0b7510460
SHA1: 143d9f5e3b05b8f666f1b96d0c815af6cd093d37
SHA256: b2e846ba51f653fb7a411adafe9af797fd765d1e23ff1e2f85f0884b83af74de
SHA512: d0e2f776a8a889ce663af43dd8b9ac841175fd978f90ccc04f92a3e40b5b97ab9f09f7a94d0282b56abfa544952f429b24115798e28c42c38a800dd4e3d9d2a1
SSDEEP: 768:XjTSNXV2W7BOzUNPv0Brf29QGsQrmhDXu7Y:X3Sb5szUNPMoQGsQrmhl
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
  pid   Process
  4888  youcanhelp.exe
Looks up external IP address via web service (1 IoCs)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  flow  ioc
  5     icanhazip.com
Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                                                                   procid_target
  PID 4548 wrote to memory of 4888   4548  b2e846ba51f653fb7a411adafe9af797fd765d1e23ff1e2f85f0884b83af74de.exe  81
  PID 4548 wrote to memory of 4888   4548  b2e846ba51f653fb7a411adafe9af797fd765d1e23ff1e2f85f0884b83af74de.exe  81
  PID 4548 wrote to memory of 4888   4548  b2e846ba51f653fb7a411adafe9af797fd765d1e23ff1e2f85f0884b83af74de.exe  81
Processes
1. C:\Users\Admin\AppData\Local\Temp\b2e846ba51f653fb7a411adafe9af797fd765d1e23ff1e2f85f0884b83af74de.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\b2e846ba51f653fb7a411adafe9af797fd765d1e23ff1e2f85f0884b83af74de.exe"
   PID: 4548
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\youcanhelp.exe (child of PID 4548)
      Command line: C:\Users\Admin\AppData\Local\Temp\youcanhelp.exe
      PID: 4888
      Signatures: Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
1. Filesize: 206B
   MD5: 127eaa247bb966beefaa866b9a787b92
   SHA1: ddd43a5215c95e821611ba1a246af6c2b510cbb9
   SHA256: 8ee095b52583879d21496e315e247d043ff0148d41709e857dfb37a896407c62
   SHA512: 9571976cf77fb67807b5488b822d58c8ae2f6925faf75bebfdc0a7f0ef9de07b8b07a6908b2d7fb5eb36c5a87206be5b373ae21f4d123e9d692ff05834329fe2
2. Filesize: 36KB
   MD5: 935978a1f4c525e9f359b7b0b7510460
   SHA1: 143d9f5e3b05b8f666f1b96d0c815af6cd093d37
   SHA256: b2e846ba51f653fb7a411adafe9af797fd765d1e23ff1e2f85f0884b83af74de
   SHA512: d0e2f776a8a889ce663af43dd8b9ac841175fd978f90ccc04f92a3e40b5b97ab9f09f7a94d0282b56abfa544952f429b24115798e28c42c38a800dd4e3d9d2a1
3. Filesize: 36KB
   MD5: 935978a1f4c525e9f359b7b0b7510460
   SHA1: 143d9f5e3b05b8f666f1b96d0c815af6cd093d37
   SHA256: b2e846ba51f653fb7a411adafe9af797fd765d1e23ff1e2f85f0884b83af74de
   SHA512: d0e2f776a8a889ce663af43dd8b9ac841175fd978f90ccc04f92a3e40b5b97ab9f09f7a94d0282b56abfa544952f429b24115798e28c42c38a800dd4e3d9d2a1