a59b0fc794a2c4a56a989a5077e6fab8c213dedc5ba0deed812b905a1a8c43d7

Analysis

max time kernel
166s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 23:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a59b0fc794a2c4a56a989a5077e6fab8c213dedc5ba0deed812b905a1a8c43d7.exe
Size

272KB
MD5

2e412948e8541cb02991b004e3e0acd2
SHA1

141b34b508f2a4eda9b0aa286cba5c0ad22b3f36
SHA256

a59b0fc794a2c4a56a989a5077e6fab8c213dedc5ba0deed812b905a1a8c43d7
SHA512

49e89f629528f9c2ebe9f58fb2c9972fa4dfb7914bf49a214fb9bb7e18dc7f0cb5f2bdcde2c04613fcf5332b9fbcb2621e2c6f6cbae319abd1200d957f6982fb
SSDEEP

3072:pAZcT58MuJroX3fOcvoCqJ1vyidZxvltCxPt7yPkTsuZfI:pAZE589c9qzvy2TloDuPkwuZg

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

seyozn.exe

pid process

4568 seyozn.exe
Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

4944 PING.EXE

pid	process
4568	seyozn.exe

pid	process
4944	PING.EXE

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

a59b0fc794a2c4a56a989a5077e6fab8c213dedc5ba0deed812b905a1a8c43d7.execmd.exe

description	pid	process	target process
PID 4676 wrote to memory of 2128	4676	a59b0fc794a2c4a56a989a5077e6fab8c213dedc5ba0deed812b905a1a8c43d7.exe	cmd.exe
PID 4676 wrote to memory of 2128	4676	a59b0fc794a2c4a56a989a5077e6fab8c213dedc5ba0deed812b905a1a8c43d7.exe	cmd.exe
PID 4676 wrote to memory of 2128	4676	a59b0fc794a2c4a56a989a5077e6fab8c213dedc5ba0deed812b905a1a8c43d7.exe	cmd.exe
PID 2128 wrote to memory of 4568	2128	cmd.exe	seyozn.exe
PID 2128 wrote to memory of 4568	2128	cmd.exe	seyozn.exe
PID 2128 wrote to memory of 4568	2128	cmd.exe	seyozn.exe
PID 2128 wrote to memory of 4944	2128	cmd.exe	PING.EXE
PID 2128 wrote to memory of 4944	2128	cmd.exe	PING.EXE
PID 2128 wrote to memory of 4944	2128	cmd.exe	PING.EXE

C:\Users\Admin\AppData\Local\Temp\a59b0fc794a2c4a56a989a5077e6fab8c213dedc5ba0deed812b905a1a8c43d7.exe
"C:\Users\Admin\AppData\Local\Temp\a59b0fc794a2c4a56a989a5077e6fab8c213dedc5ba0deed812b905a1a8c43d7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4676

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\edymakg.bat
2⤵
- Suspicious use of WriteProcessMemory
PID:2128

C:\Users\Admin\AppData\Local\Temp\seyozn.exe
"C:\Users\Admin\AppData\Local\Temp\seyozn.exe"
3⤵
- Executes dropped EXE
PID:4568

C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1
3⤵
- Runs ping.exe
PID:4944

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\edymakg.bat

Filesize
124B

MD5
62aa3ee24713098e1547a9d2d000f081

SHA1
68c8e1e6e95807ec02c18de4bb8978d4f85728c5

SHA256
d18a791756f2777f745ae0eeb63d94ae9ff72272180f13c0db2d31528afcaece

SHA512
c5bb23897731ea393b6db6aef669c5cda1a11eb02154d74f0d81d9e9a87ffc26e0554f1a4267585227baef15f07f3b3a011e0ec7bfdbcded58faa5195c88ecbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\seyozn.exe

Filesize
172KB

MD5
5d0d1babe462d672110e94b053700ab1

SHA1
4993684c9eaa9305ab16dddec7e040f3765f61bf

SHA256
efee80cbdf12667f84d5afd5b8e4fb2a92785fe6f120f545f201ae6de76945da

SHA512
285cefdd1bd1ad8ac19482bc35a8c749df0499fc3b365e5408a051e1c18e8bb49a6910119a514cf72b1317bcdf7a795b4edd0093992989816b56dbe82ebfd5bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\seyozn.exe

Filesize
172KB

MD5
5d0d1babe462d672110e94b053700ab1

SHA1
4993684c9eaa9305ab16dddec7e040f3765f61bf

SHA256
efee80cbdf12667f84d5afd5b8e4fb2a92785fe6f120f545f201ae6de76945da

SHA512
285cefdd1bd1ad8ac19482bc35a8c749df0499fc3b365e5408a051e1c18e8bb49a6910119a514cf72b1317bcdf7a795b4edd0093992989816b56dbe82ebfd5bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\sfmoon.bat

Filesize
188B

MD5
5ace494291ee57590c1bde2b55333e9d

SHA1
aa6a605aeffdd71e3ce87a7035ac9c1569827d05

SHA256
23e149c35d5b5bc20d3545d46fb853517699046c7ac75ca7d012a71ef4032f06

SHA512
6fbd32e90297156924c108e4180b9a88cf4eeb98a51987f1dcea309b6df9e654c608614bcc48d5cc74461ddb314516bfcd16517891b64f103d028797d8da4aa2

Download Submit
memory/2128-132-0x0000000000000000-mapping.dmp

Download
memory/4568-135-0x0000000000000000-mapping.dmp

Download
memory/4944-138-0x0000000000000000-mapping.dmp

Download