Overview

overview

1

Static

static

89e77b2b72...54.exe

windows7-x64

1

89e77b2b72...54.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    130s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30/10/2022, 15:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    89e77b2b720911057f244dcb36cf4ecea6464e90def28c433235ef44a7ff5954.exe

  • Size

    138KB

  • MD5

    82cea775104220d6e6c0f38ac6a6bc40

  • SHA1

    577ffaff91f401a320eee39de2149ba801366d9b

  • SHA256

    89e77b2b720911057f244dcb36cf4ecea6464e90def28c433235ef44a7ff5954

  • SHA512

    88558aa6f24459a5e8340644f1eec30b8afbbf3fbff695223285346aecdd2ab787ca222dfcad0ac319a08749b849408b62bb49ace0f90f37b6dcb3cf81f0b478

  • SSDEEP

    3072:e8ja7ASQoLnL4lxgJAsh4KLSHfn9jnmsDyUCfR:f0QUL6fKLEnms

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\89e77b2b720911057f244dcb36cf4ecea6464e90def28c433235ef44a7ff5954.exe
    "C:\Users\Admin\AppData\Local\Temp\89e77b2b720911057f244dcb36cf4ecea6464e90def28c433235ef44a7ff5954.exe"
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1052
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
        PID:1240

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1052-54-0x0000000075931000-0x0000000075933000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1052-57-0x0000000000270000-0x0000000000283000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1052-58-0x0000000000400000-0x0000000000413000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1240-59-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

      Download

    • memory/1240-60-0x0000000000090000-0x00000000000A1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1240-61-0x00000000001B0000-0x0000000000230000-memory.dmp

      Filesize

      512KB

      Download