Overview

overview

5

Static

static

85fad34fac...5a.exe

windows7-x64

1

85fad34fac...5a.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    132s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 12:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    85fad34fac17c058fc85634a8ed07f3942b6ad9d73676d581d8f8584173f775a.exe

  • Size

    522KB

  • MD5

    d7f6bcbf3b6fd77a379fd6bacd4db6b1

  • SHA1

    524cd317bf9cadc4172da5de381d3dac34c83e62

  • SHA256

    85fad34fac17c058fc85634a8ed07f3942b6ad9d73676d581d8f8584173f775a

  • SHA512

    adf6899a77696a53845504c88ce8c85eebf576d0be3e889fdc5e519dc922acee560764a424c132610f31aece01c354a63f274f01b9ac1e93951ff07f1cfa3b71

  • SSDEEP

    6144:TkIAsljmJ/TfSCrHkgFnHCKgfXqDbQCsmQy1CrxQqD9RSaSz+8O5H+34e:WNraBgVHCh6XQCoy18xQqpx8O5H+

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\85fad34fac17c058fc85634a8ed07f3942b6ad9d73676d581d8f8584173f775a.exe
    "C:\Users\Admin\AppData\Local\Temp\85fad34fac17c058fc85634a8ed07f3942b6ad9d73676d581d8f8584173f775a.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Users\Admin\AppData\Local\Temp\85fad34fac17c058fc85634a8ed07f3942b6ad9d73676d581d8f8584173f775a.exe
      start
      2⤵
        PID:3264
      • C:\Users\Admin\AppData\Local\Temp\85fad34fac17c058fc85634a8ed07f3942b6ad9d73676d581d8f8584173f775a.exe
        watch
        2⤵
          PID:2476
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k netsvcs -p
        1⤵
        • Drops file in System32 directory
        • Checks processor information in registry
        • Enumerates system info in registry
        PID:3200

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2228-132-0x0000000000400000-0x000000000048C000-memory.dmp
        Filesize

        560KB

        Download
      • memory/2228-135-0x0000000000400000-0x000000000048C000-memory.dmp
        Filesize

        560KB

        Download
      • memory/2476-133-0x0000000000000000-mapping.dmp
        Download
      • memory/2476-136-0x0000000000400000-0x000000000048C000-memory.dmp
        Filesize

        560KB

        Download
      • memory/2476-138-0x0000000000400000-0x000000000048C000-memory.dmp
        Filesize

        560KB

        Download
      • memory/2476-141-0x0000000000400000-0x000000000048C000-memory.dmp
        Filesize

        560KB

        Download
      • memory/3264-134-0x0000000000000000-mapping.dmp
        Download
      • memory/3264-137-0x0000000000400000-0x000000000048C000-memory.dmp
        Filesize

        560KB

        Download
      • memory/3264-139-0x0000000000400000-0x000000000048C000-memory.dmp
        Filesize

        560KB

        Download
      • memory/3264-140-0x0000000000400000-0x000000000048C000-memory.dmp
        Filesize

        560KB

        Download