Analysis
-
max time kernel
130s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system -
submitted
23-11-2022 12:54
Static task
static1
Behavioral task
behavioral1
Sample
deced67ec8922a8fb69bd2cc9c2dc9a1129ca3967d2f3d64d7244db7a37ca867.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
deced67ec8922a8fb69bd2cc9c2dc9a1129ca3967d2f3d64d7244db7a37ca867.exe
Resource
win10v2004-20221111-en
General
-
Target
deced67ec8922a8fb69bd2cc9c2dc9a1129ca3967d2f3d64d7244db7a37ca867.exe
-
Size
36KB
-
MD5
631642b3ebcc9970ae58228f8987f0ec
-
SHA1
bdd57f72356d766040622e4cc60158be9e92e1a6
-
SHA256
deced67ec8922a8fb69bd2cc9c2dc9a1129ca3967d2f3d64d7244db7a37ca867
-
SHA512
3b9a86c4564d81901075e27bb66fd6b03686701bf2fa4210fd42440275c62d073f2e05a151654bb8fe110ddf48da7d0a540e18e952be9cc1bc6c98986f1159ec
-
SSDEEP
384:NJre6kNyTbZuCd+31tr4adZjtyMyL5aMiOudM5QqnWwjcRAD30s2:NU6kkhlIX4adZj8L5rbeLXwARAD30s
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
Processes:
ywkkso.exe
pid: 1044, process: ywkkso.exe
-
Drops file in Windows directory 2 IoCs
Processes:
deced67ec8922a8fb69bd2cc9c2dc9a1129ca3967d2f3d64d7244db7a37ca867.exe
File created: C:\Windows\ywkkso.exe (process: deced67ec8922a8fb69bd2cc9c2dc9a1129ca3967d2f3d64d7244db7a37ca867.exe)
File opened for modification: C:\Windows\ywkkso.exe (process: deced67ec8922a8fb69bd2cc9c2dc9a1129ca3967d2f3d64d7244db7a37ca867.exe)
Processes
-
C:\Users\Admin\AppData\Local\Temp\deced67ec8922a8fb69bd2cc9c2dc9a1129ca3967d2f3d64d7244db7a37ca867.exe
"C:\Users\Admin\AppData\Local\Temp\deced67ec8922a8fb69bd2cc9c2dc9a1129ca3967d2f3d64d7244db7a37ca867.exe"
- Drops file in Windows directory
PID:1744
-
C:\Windows\ywkkso.exe
C:\Windows\ywkkso.exe
- Executes dropped EXE
PID:1044
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
36KB
MD5
631642b3ebcc9970ae58228f8987f0ec
SHA1
bdd57f72356d766040622e4cc60158be9e92e1a6
SHA256
deced67ec8922a8fb69bd2cc9c2dc9a1129ca3967d2f3d64d7244db7a37ca867
SHA512
3b9a86c4564d81901075e27bb66fd6b03686701bf2fa4210fd42440275c62d073f2e05a151654bb8fe110ddf48da7d0a540e18e952be9cc1bc6c98986f1159ec