Overview

overview

8

Static

static

2b4c8670fc...8b.exe

windows7-x64

8

2b4c8670fc...8b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    153s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2022, 13:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2b4c8670fca59ae3d95011f1e467d14d35961c59f271755ad28ce0ba0d5b678b.exe

  • Size

    34KB

  • MD5

    20a6bd5056519b16ae0bfc9814362480

  • SHA1

    5bcb123d42517f0a5bcb32a7072484d61833381c

  • SHA256

    2b4c8670fca59ae3d95011f1e467d14d35961c59f271755ad28ce0ba0d5b678b

  • SHA512

    bc9658612c4b9c6986dca5ea2dd3f9d7e1e97149ef82516467fcacebc795438216d0b991b8a16299232dd39916f5210dc428ed17b77fcb23f949b2a58e4c9721

  • SSDEEP

    768:NeT+mrGznfVKyEtFOM8uohyYzR9oRZktorEhQ0TnCO5uzd:cTGBmtAK23/4Wor/aC9d

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2b4c8670fca59ae3d95011f1e467d14d35961c59f271755ad28ce0ba0d5b678b.exe
    "C:\Users\Admin\AppData\Local\Temp\2b4c8670fca59ae3d95011f1e467d14d35961c59f271755ad28ce0ba0d5b678b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3628
    • C:\Users\Admin\AppData\Local\Temp\nioltei.exe
      C:\Users\Admin\AppData\Local\Temp\nioltei.exe
      2⤵
      • Executes dropped EXE
      PID:2128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nioltei.exe
    Filesize

    34KB

    MD5

    5ac44a9537286d4d1d7108bf8e7cd3c6

    SHA1

    da1ba6e106c23dea5917f56c3ae478b4bec7cc91

    SHA256

    c41c26262543a0e736d04bc7507702de2d88a78b787fe615a53ef0f55be06237

    SHA512

    26df443bcaad2e789f26dc922bf6c04a8df093884e64b902a5e621235186869a26565cd4acf436243f17fb5b6b5a143cdd42c9a1d6cc17ee999dbf1c8b763d58

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nioltei.exe
    Filesize

    34KB

    MD5

    5ac44a9537286d4d1d7108bf8e7cd3c6

    SHA1

    da1ba6e106c23dea5917f56c3ae478b4bec7cc91

    SHA256

    c41c26262543a0e736d04bc7507702de2d88a78b787fe615a53ef0f55be06237

    SHA512

    26df443bcaad2e789f26dc922bf6c04a8df093884e64b902a5e621235186869a26565cd4acf436243f17fb5b6b5a143cdd42c9a1d6cc17ee999dbf1c8b763d58

    Download Submit

  • memory/2128-136-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/3628-135-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download