Overview

overview

8

Static

static

6322b718f7...31.exe

windows7-x64

8

6322b718f7...31.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    90s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2022, 15:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6322b718f762c451d185e0ed48c4e9ed3764d1bfcbb31ac7997ff530622f2331.exe

  • Size

    339KB

  • MD5

    0c5f86961f640d9b09f09d2940771671

  • SHA1

    b0580a84b79fdf6ad919ce09236220c5177deee3

  • SHA256

    6322b718f762c451d185e0ed48c4e9ed3764d1bfcbb31ac7997ff530622f2331

  • SHA512

    693c154f29877a90c9b4df310c21dba08886e0fbbdae6810d212acaaad615a6891df1775ea01532af965a2637958a583c3f37536af9b03a0af76b80ce36caca0

  • SSDEEP

    3072:CcnXZUOqqY8bOsgEYZKSxSQx+lRg+DoHVAx1n6g:CsZkqY3ESKSxSaQgqoHWXnb

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6322b718f762c451d185e0ed48c4e9ed3764d1bfcbb31ac7997ff530622f2331.exe
    "C:\Users\Admin\AppData\Local\Temp\6322b718f762c451d185e0ed48c4e9ed3764d1bfcbb31ac7997ff530622f2331.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3404
    • C:\Windows\SysWOW64\wininit32.exe
      C:\Windows\system32\wininit32.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      PID:2320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\wininit32.exe
    Filesize

    353KB

    MD5

    98abfcd88f8ac3327ca9edaaf558fbfa

    SHA1

    a6074d64b6237a6d1c9b06435cc8a13b647d15a9

    SHA256

    cb93babeb7fa15b1eba0087729cc81367cb87cb3151c4478f09976e8b2bf331f

    SHA512

    3ad40152cf7fca1ea92fd759e125abf79848b9d4dc5e39e5b5aeeaf31a398bbeabe7c358d63d0065e49a058d63363cadbf75421a4e20b104c3fb6aa25790aae8

    Download Submit

  • C:\Windows\SysWOW64\wininit32.exe
    Filesize

    353KB

    MD5

    98abfcd88f8ac3327ca9edaaf558fbfa

    SHA1

    a6074d64b6237a6d1c9b06435cc8a13b647d15a9

    SHA256

    cb93babeb7fa15b1eba0087729cc81367cb87cb3151c4478f09976e8b2bf331f

    SHA512

    3ad40152cf7fca1ea92fd759e125abf79848b9d4dc5e39e5b5aeeaf31a398bbeabe7c358d63d0065e49a058d63363cadbf75421a4e20b104c3fb6aa25790aae8

    Download Submit

  • memory/2320-136-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2320-138-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2320-139-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3404-132-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3404-137-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download