eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be.exe
Size

184KB
MD5

821cdee6e72c5da5130a13ab50862b70
SHA1

0d80e67479d7cb00bb6a9f2ca74c5e43939d01b8
SHA256

eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be
SHA512

54c3cefb660d7a57a0c27ba21eb810902ebb4ff6bf73da5315d8af2dfdedb50d1d37411955a1500eef093b894cb4a86dbe275da99769d6a88a3ea24bca25ef07
SSDEEP

3072:xnrRqBYMmJGGlsw23uoYR1zRVufMbCmuhi3URpC4IUhdhLhPhAeY:xSDYaB3uTRsmu1pJIU3hhh6

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2000	facebook hack v6.2.Exe
1732	facebook hack v6..exe

Loads dropped DLL 8 IoCs

pid	Process
1912	eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be.exe
1912	eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be.exe
1912	eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be.exe
2000	facebook hack v6.2.Exe
2000	facebook hack v6.2.Exe
2000	facebook hack v6.2.Exe
1732	facebook hack v6..exe
1732	facebook hack v6..exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 2000	1912	eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be.exe	28
PID 1912 wrote to memory of 2000	1912	eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be.exe	28
PID 1912 wrote to memory of 2000	1912	eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be.exe	28
PID 1912 wrote to memory of 2000	1912	eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be.exe	28
PID 1912 wrote to memory of 2000	1912	eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be.exe	28
PID 1912 wrote to memory of 2000	1912	eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be.exe	28
PID 1912 wrote to memory of 2000	1912	eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be.exe	28
PID 1912 wrote to memory of 1732	1912	eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be.exe	29
PID 1912 wrote to memory of 1732	1912	eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be.exe	29
PID 1912 wrote to memory of 1732	1912	eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be.exe	29
PID 1912 wrote to memory of 1732	1912	eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be.exe	29
PID 1912 wrote to memory of 1732	1912	eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be.exe	29
PID 1912 wrote to memory of 1732	1912	eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be.exe	29
PID 1912 wrote to memory of 1732	1912	eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be.exe	29

C:\Users\Admin\AppData\Local\Temp\eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be.exe
"C:\Users\Admin\AppData\Local\Temp\eea7647cadec526a0a3b07082b15ee002c2333859e2a4d738964743cb1aa47be.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Users\Admin\AppData\Local\Temp\facebook hack v6.2.Exe
  "C:\Users\Admin\AppData\Local\Temp\facebook hack v6.2.Exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2000
- C:\Users\Admin\AppData\Local\Temp\facebook hack v6..exe
  "C:\Users\Admin\AppData\Local\Temp\facebook hack v6..exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1732

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\facebook hack v6..exe

Filesize
33KB

MD5
596805c542b24fc7e9f1b689e9490941

SHA1
68736e9600a135b9fb7a9d8b0040eee395112cd6

SHA256
2c4e9e949f75f44889b71223267df3c7ecec8489bdf27b269247c787f459001d

SHA512
e43c3eb8970f92f25072b315b0cdd4bd9b3ec06b50c08524e6fc820a83f29713e7a75a65ed436da623ff7574e4f2196f5848dc3f7a5b0ab39af110fcfa77aaa7

Download Submit
C:\Users\Admin\AppData\Local\Temp\facebook hack v6..exe

Filesize
33KB

MD5
596805c542b24fc7e9f1b689e9490941

SHA1
68736e9600a135b9fb7a9d8b0040eee395112cd6

SHA256
2c4e9e949f75f44889b71223267df3c7ecec8489bdf27b269247c787f459001d

SHA512
e43c3eb8970f92f25072b315b0cdd4bd9b3ec06b50c08524e6fc820a83f29713e7a75a65ed436da623ff7574e4f2196f5848dc3f7a5b0ab39af110fcfa77aaa7

Download Submit
C:\Users\Admin\AppData\Local\Temp\facebook hack v6.2.Exe

Filesize
309KB

MD5
5b32674ed2aab6a1c987f12048c9c362

SHA1
6d6ad39281c73303700943913acb83733e9693ce

SHA256
95b70d4ee8c613a8b714488c729cfd086505d9a53abb5d0879e3c28e578dc668

SHA512
034fbb688cba4a25ef07fc206e59b9a6eb8092d225a6b4ed62b99e29bce003e2d7b45843ea3f908e7027d17519cb6b229b910648a4790b905f0e161d3d22e730

Download Submit
C:\Users\Admin\AppData\Local\Temp\facebook hack v6.2.Exe

Filesize
309KB

MD5
5b32674ed2aab6a1c987f12048c9c362

SHA1
6d6ad39281c73303700943913acb83733e9693ce

SHA256
95b70d4ee8c613a8b714488c729cfd086505d9a53abb5d0879e3c28e578dc668

SHA512
034fbb688cba4a25ef07fc206e59b9a6eb8092d225a6b4ed62b99e29bce003e2d7b45843ea3f908e7027d17519cb6b229b910648a4790b905f0e161d3d22e730

Download Submit
\Users\Admin\AppData\Local\Temp\facebook hack v6..exe

Filesize
33KB

MD5
596805c542b24fc7e9f1b689e9490941

SHA1
68736e9600a135b9fb7a9d8b0040eee395112cd6

SHA256
2c4e9e949f75f44889b71223267df3c7ecec8489bdf27b269247c787f459001d

SHA512
e43c3eb8970f92f25072b315b0cdd4bd9b3ec06b50c08524e6fc820a83f29713e7a75a65ed436da623ff7574e4f2196f5848dc3f7a5b0ab39af110fcfa77aaa7

Download Submit
\Users\Admin\AppData\Local\Temp\facebook hack v6..exe

Filesize
33KB

MD5
596805c542b24fc7e9f1b689e9490941

SHA1
68736e9600a135b9fb7a9d8b0040eee395112cd6

SHA256
2c4e9e949f75f44889b71223267df3c7ecec8489bdf27b269247c787f459001d

SHA512
e43c3eb8970f92f25072b315b0cdd4bd9b3ec06b50c08524e6fc820a83f29713e7a75a65ed436da623ff7574e4f2196f5848dc3f7a5b0ab39af110fcfa77aaa7

Download Submit
\Users\Admin\AppData\Local\Temp\facebook hack v6..exe

Filesize
33KB

MD5
596805c542b24fc7e9f1b689e9490941

SHA1
68736e9600a135b9fb7a9d8b0040eee395112cd6

SHA256
2c4e9e949f75f44889b71223267df3c7ecec8489bdf27b269247c787f459001d

SHA512
e43c3eb8970f92f25072b315b0cdd4bd9b3ec06b50c08524e6fc820a83f29713e7a75a65ed436da623ff7574e4f2196f5848dc3f7a5b0ab39af110fcfa77aaa7

Download Submit
\Users\Admin\AppData\Local\Temp\facebook hack v6.2.Exe

Filesize
309KB

MD5
5b32674ed2aab6a1c987f12048c9c362

SHA1
6d6ad39281c73303700943913acb83733e9693ce

SHA256
95b70d4ee8c613a8b714488c729cfd086505d9a53abb5d0879e3c28e578dc668

SHA512
034fbb688cba4a25ef07fc206e59b9a6eb8092d225a6b4ed62b99e29bce003e2d7b45843ea3f908e7027d17519cb6b229b910648a4790b905f0e161d3d22e730

Download Submit
\Users\Admin\AppData\Local\Temp\facebook hack v6.2.Exe

Filesize
309KB

MD5
5b32674ed2aab6a1c987f12048c9c362

SHA1
6d6ad39281c73303700943913acb83733e9693ce

SHA256
95b70d4ee8c613a8b714488c729cfd086505d9a53abb5d0879e3c28e578dc668

SHA512
034fbb688cba4a25ef07fc206e59b9a6eb8092d225a6b4ed62b99e29bce003e2d7b45843ea3f908e7027d17519cb6b229b910648a4790b905f0e161d3d22e730

Download Submit
\Users\Admin\AppData\Local\Temp\facebook hack v6.2.Exe

Filesize
309KB

MD5
5b32674ed2aab6a1c987f12048c9c362

SHA1
6d6ad39281c73303700943913acb83733e9693ce

SHA256
95b70d4ee8c613a8b714488c729cfd086505d9a53abb5d0879e3c28e578dc668

SHA512
034fbb688cba4a25ef07fc206e59b9a6eb8092d225a6b4ed62b99e29bce003e2d7b45843ea3f908e7027d17519cb6b229b910648a4790b905f0e161d3d22e730

Download Submit
\Users\Admin\AppData\Local\Temp\facebook hack v6.2.Exe

Filesize
309KB

MD5
5b32674ed2aab6a1c987f12048c9c362

SHA1
6d6ad39281c73303700943913acb83733e9693ce

SHA256
95b70d4ee8c613a8b714488c729cfd086505d9a53abb5d0879e3c28e578dc668

SHA512
034fbb688cba4a25ef07fc206e59b9a6eb8092d225a6b4ed62b99e29bce003e2d7b45843ea3f908e7027d17519cb6b229b910648a4790b905f0e161d3d22e730

Download Submit
\Users\Admin\AppData\Local\Temp\facebook hack v6.2.Exe

Filesize
309KB

MD5
5b32674ed2aab6a1c987f12048c9c362

SHA1
6d6ad39281c73303700943913acb83733e9693ce

SHA256
95b70d4ee8c613a8b714488c729cfd086505d9a53abb5d0879e3c28e578dc668

SHA512
034fbb688cba4a25ef07fc206e59b9a6eb8092d225a6b4ed62b99e29bce003e2d7b45843ea3f908e7027d17519cb6b229b910648a4790b905f0e161d3d22e730

Download Submit
memory/1732-71-0x0000000000A60000-0x0000000000A70000-memory.dmp

Filesize
64KB

Download
memory/1732-73-0x0000000004E95000-0x0000000004EA6000-memory.dmp

Filesize
68KB

Download
memory/1912-54-0x00000000763F1000-0x00000000763F3000-memory.dmp

Filesize
8KB

Download
memory/2000-72-0x0000000074590000-0x0000000074B3B000-memory.dmp

Filesize
5.7MB

Download
memory/2000-74-0x0000000074590000-0x0000000074B3B000-memory.dmp

Filesize
5.7MB

Download