Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06/11/2022, 08:16

General

  • Target

    86661c3207cf787d710602a9067d464b271b3e858946c1eab311d0eae74d5aba.exe

  • Size

    514KB

  • MD5

    31b32a4b9868e2872e08cbc5edc6f1f0

  • SHA1

    8b879e7d75a05b957a49740a302eec40d63630e3

  • SHA256

    86661c3207cf787d710602a9067d464b271b3e858946c1eab311d0eae74d5aba

  • SHA512

    f680e855961e791287472d78a6772e4725f1a2421182d0fd75ef546bff9b8082de446866515df7ca227da07e15fb5313070efea3a7d1a6173198b03905e01855

  • SSDEEP

    12288:nh6Bo7lyUDyiFBpbH7Xxu8XhE9wOqWBKh7Ho0LVdM:kBo7bFvz7hhqwOqDHvfM

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\86661c3207cf787d710602a9067d464b271b3e858946c1eab311d0eae74d5aba.exe
    "C:\Users\Admin\AppData\Local\Temp\86661c3207cf787d710602a9067d464b271b3e858946c1eab311d0eae74d5aba.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1140
    • C:\Windows\SysWOW64\cmd.exe
      /c net stop MpsSvc
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1136
      • C:\Windows\SysWOW64\net.exe
        net stop MpsSvc
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1768
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 stop MpsSvc
          4⤵
            PID:976
      • C:\Users\Admin\AppData\Local\Temp\86661c3207cf787d710602a9067d464b271b3e858946c1eab311d0eae74d5aba.exe
        C:\Users\Admin\AppData\Local\Temp\86661c3207cf787d710602a9067d464b271b3e858946c1eab311d0eae74d5aba.exe
        2⤵
          PID:1828

      Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • \Users\Admin\AppData\Local\Temp\86661c3207cf787d710602a9067d464b271b3e858946c1eab311d0eae74d5aba.exe

              Filesize

              514KB

              MD5

              31b32a4b9868e2872e08cbc5edc6f1f0

              SHA1

              8b879e7d75a05b957a49740a302eec40d63630e3

              SHA256

              86661c3207cf787d710602a9067d464b271b3e858946c1eab311d0eae74d5aba

              SHA512

              f680e855961e791287472d78a6772e4725f1a2421182d0fd75ef546bff9b8082de446866515df7ca227da07e15fb5313070efea3a7d1a6173198b03905e01855

            • memory/1140-54-0x0000000075F51000-0x0000000075F53000-memory.dmp

              Filesize

              8KB

            • memory/1140-62-0x00000000001C0000-0x00000000001C4000-memory.dmp

              Filesize

              16KB

            • memory/1828-57-0x0000000000400000-0x0000000000471000-memory.dmp

              Filesize

              452KB

            • memory/1828-58-0x0000000000400000-0x0000000000471000-memory.dmp

              Filesize

              452KB