5fc88ec4a5c5b2b22d6a01a3e2906a7e917002d055b812812d9c69f454c0703d

Analysis

max time kernel
92s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30-10-2022 08:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5fc88ec4a5c5b2b22d6a01a3e2906a7e917002d055b812812d9c69f454c0703d.exe
Size

135KB
MD5

84d3ec531bec3046f9dc64639a6ee6f2
SHA1

112c306cf379630eb7652bca6d38879a9466975e
SHA256

5fc88ec4a5c5b2b22d6a01a3e2906a7e917002d055b812812d9c69f454c0703d
SHA512

da0db347bdea545ed85e41471a61010556a21f1a665f07132415809e6957cb4413d30bdb3000c9dfe27e175759da8ad91d7e20415fd99c588701907d87f0f574
SSDEEP

3072:9O1GtcbIKasyFRMgPIcI22uLLtbfYxAhNvzxout:9OYtcMrkgPnZ2uHtc2TvzxoS

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3624	msprxysvc32.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\msprxysvc32.exe	5fc88ec4a5c5b2b22d6a01a3e2906a7e917002d055b812812d9c69f454c0703d.exe
File opened for modification	C:\Windows\SysWOW64\msprxysvc32.exe	5fc88ec4a5c5b2b22d6a01a3e2906a7e917002d055b812812d9c69f454c0703d.exe
File opened for modification	C:\Windows\SysWOW64\msprxysvc32.exe	msprxysvc32.exe
File created	C:\Windows\SysWOW64\msprxysvc32.exe	msprxysvc32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 3624	4928	5fc88ec4a5c5b2b22d6a01a3e2906a7e917002d055b812812d9c69f454c0703d.exe	82
PID 4928 wrote to memory of 3624	4928	5fc88ec4a5c5b2b22d6a01a3e2906a7e917002d055b812812d9c69f454c0703d.exe	82
PID 4928 wrote to memory of 3624	4928	5fc88ec4a5c5b2b22d6a01a3e2906a7e917002d055b812812d9c69f454c0703d.exe	82
PID 3624 wrote to memory of 4964	3624	msprxysvc32.exe	89
PID 3624 wrote to memory of 4964	3624	msprxysvc32.exe	89
PID 3624 wrote to memory of 4964	3624	msprxysvc32.exe	89

C:\Users\Admin\AppData\Local\Temp\5fc88ec4a5c5b2b22d6a01a3e2906a7e917002d055b812812d9c69f454c0703d.exe
"C:\Users\Admin\AppData\Local\Temp\5fc88ec4a5c5b2b22d6a01a3e2906a7e917002d055b812812d9c69f454c0703d.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Windows\SysWOW64\msprxysvc32.exe
  C:\Windows\system32\msprxysvc32.exe 1148 "C:\Users\Admin\AppData\Local\Temp\5fc88ec4a5c5b2b22d6a01a3e2906a7e917002d055b812812d9c69f454c0703d.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:3624
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\del.bat C:\Windows\SysWOW64\msprxysvc32.exe
    3⤵
    PID:4964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\del.bat

Filesize
136B

MD5
bfcf9cc6d1c37953dfa43312e2c36140

SHA1
07a4c0f29b282c34be24c312c4b920e479f4cee0

SHA256
bac7cce52aeba3a2e2ce2bb6aebf50ffa65530d0d51ca49a2abc7f4e43ce3ce5

SHA512
fb661474557e7168d4050607863b57649fa12a26ab9bd06078ae3254d003d76cfed4eac3d0a78a56eaf0ecc5b231d52788b6c8688cb14b0c86a37efe90f5f53a

Download Submit
C:\Windows\SysWOW64\msprxysvc32.exe

Filesize
135KB

MD5
84d3ec531bec3046f9dc64639a6ee6f2

SHA1
112c306cf379630eb7652bca6d38879a9466975e

SHA256
5fc88ec4a5c5b2b22d6a01a3e2906a7e917002d055b812812d9c69f454c0703d

SHA512
da0db347bdea545ed85e41471a61010556a21f1a665f07132415809e6957cb4413d30bdb3000c9dfe27e175759da8ad91d7e20415fd99c588701907d87f0f574

Download Submit
C:\Windows\SysWOW64\msprxysvc32.exe

Filesize
135KB

MD5
84d3ec531bec3046f9dc64639a6ee6f2

SHA1
112c306cf379630eb7652bca6d38879a9466975e

SHA256
5fc88ec4a5c5b2b22d6a01a3e2906a7e917002d055b812812d9c69f454c0703d

SHA512
da0db347bdea545ed85e41471a61010556a21f1a665f07132415809e6957cb4413d30bdb3000c9dfe27e175759da8ad91d7e20415fd99c588701907d87f0f574

Download Submit
memory/3624-133-0x0000000000000000-mapping.dmp

Download
memory/3624-137-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/3624-139-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/4928-132-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/4928-136-0x0000000000400000-0x000000000049F000-memory.dmp

Filesize
636KB

Download
memory/4964-138-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads