Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
  • submitted
    23/11/2022, 22:50

General

  • Target

    af5e9f124fdb8c850919e007c247111ba91ffcbf5dfcf54a27f4a310b4c15fef.exe

  • Size

    1.3MB

  • MD5

    3daae0d6a8f8c2b82aefc83048837362

  • SHA1

    631863756d841cad4bbba1fc23319f3ddf7356e0

  • SHA256

    af5e9f124fdb8c850919e007c247111ba91ffcbf5dfcf54a27f4a310b4c15fef

  • SHA512

    0b454cf5920fe99cf51b06f9be81a8879eb94273d405a0b1a6d33c1580a2ba13022cef6d7ce6b70531b8cf4420f33c33d782d3b771988694640aade93f27ac4f

  • SSDEEP

    12288:ep7a/M9zAOP1vva4TbSMEOcE1qlwppp04X8zIG1++G3euaii:ep7a/M/Qyb5EBEYlwHS4X8zIG1tG3+d

Score
1/10

Malware Config

Signatures

  • Runs net.exe
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\af5e9f124fdb8c850919e007c247111ba91ffcbf5dfcf54a27f4a310b4c15fef.exe
    "C:\Users\Admin\AppData\Local\Temp\af5e9f124fdb8c850919e007c247111ba91ffcbf5dfcf54a27f4a310b4c15fef.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3284
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\works.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2268
      • C:\Windows\SysWOW64\net.exe
        net config workstation
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3576
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 config workstation
          4⤵
            PID:2508
        • C:\Windows\SysWOW64\find.exe
          find "╣ñ╫≈╒╛╙≥"
          3⤵
            PID:4804
          • C:\Windows\SysWOW64\find.exe
            find /V "DNS"
            3⤵
              PID:1020

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\works.bat

    Filesize

    103B

    MD5

    101b9bd45a244acd12987c3888d90cfa

    SHA1

    f585d91870d9c25ac2323661f4f7f15e5c0b3d54

    SHA256

    ace61e6d4b365ec6c8eaf0abbc5e5a014aede58502d864984ef99dce59aab30a

    SHA512

    4483a18a31a67834329db869535b688aa83cde720b75102905b645e65f86621a2112954a251ef6d20459f3eb4c7486399a1b3667a98e9f2925ae2afecb5c9c7f