Overview

overview

8

Static

static

cbd4901f39...01.exe

windows7-x64

8

cbd4901f39...01.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 09:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cbd4901f39842c177e401e8fc0926cad2e388eb8999b80829ffba7a83ebe3801.exe

  • Size

    58KB

  • MD5

    20fb70c6dceaf1ef667d9b89a2f33e45

  • SHA1

    370ded8705dcc07bdb0cba8b954b486906cb5170

  • SHA256

    cbd4901f39842c177e401e8fc0926cad2e388eb8999b80829ffba7a83ebe3801

  • SHA512

    e205f76a4d9daf0ad9f6f43d322186e9056b6094fddcca5ba467a37b27c3fe9b98486328352116ca39b7dbcc6d61c03a02589740adf868cdd3f30631920b4b22

  • SSDEEP

    768:iX8amTnBCTpUtWBjW43q2Wwat4jrxTm5ZDDnyIfXyH3dWUAohfjiT5edir:iX81TBttWhWW/knzfXyHt0qfWT5Me

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cbd4901f39842c177e401e8fc0926cad2e388eb8999b80829ffba7a83ebe3801.exe
    "C:\Users\Admin\AppData\Local\Temp\cbd4901f39842c177e401e8fc0926cad2e388eb8999b80829ffba7a83ebe3801.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: RenamesItself
    PID:836
  • C:\Windows\SysWOW64\caycwq.exe
    C:\Windows\SysWOW64\caycwq.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    PID:880

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\caycwq.exe
    Filesize

    58KB

    MD5

    20fb70c6dceaf1ef667d9b89a2f33e45

    SHA1

    370ded8705dcc07bdb0cba8b954b486906cb5170

    SHA256

    cbd4901f39842c177e401e8fc0926cad2e388eb8999b80829ffba7a83ebe3801

    SHA512

    e205f76a4d9daf0ad9f6f43d322186e9056b6094fddcca5ba467a37b27c3fe9b98486328352116ca39b7dbcc6d61c03a02589740adf868cdd3f30631920b4b22

    Download Submit

  • C:\Windows\SysWOW64\caycwq.exe
    Filesize

    58KB

    MD5

    20fb70c6dceaf1ef667d9b89a2f33e45

    SHA1

    370ded8705dcc07bdb0cba8b954b486906cb5170

    SHA256

    cbd4901f39842c177e401e8fc0926cad2e388eb8999b80829ffba7a83ebe3801

    SHA512

    e205f76a4d9daf0ad9f6f43d322186e9056b6094fddcca5ba467a37b27c3fe9b98486328352116ca39b7dbcc6d61c03a02589740adf868cdd3f30631920b4b22

    Download Submit

  • \Windows\SysWOW64\gei33.dll
    Filesize

    70KB

    MD5

    624a079b947055be2b863a732c96f1bf

    SHA1

    ee0b15b87429a2fba4cd84320cc6bc80b56cd40f

    SHA256

    e0f164a20b9158ecf883e1afa70f958b4e4854c26b46afbdfe60feea0b2d47e7

    SHA512

    ea0b535bcaeb4d19c9c5d0e7b0c94488f8fcd0703b38cdf7b8cdba7d6e6c7f123e7e29b21ed1cd9f69b561b11382e167c70fdf32bbde171f3b81dc2fac26057a

    Download Submit

  • memory/880-57-0x0000000075071000-0x0000000075073000-memory.dmp

    Filesize

    8KB

    Download