Overview

overview

10

Static

static

ec8fb53f34...e2.exe

windows7-x64

10

ec8fb53f34...e2.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    91s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 15:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ec8fb53f340f4b82ed5d857cd65d5a647f1f7038b723def2669277e641dbdce2.exe

  • Size

    305KB

  • MD5

    380628f35467056cd5eedeef3188f01e

  • SHA1

    bd6cfdc7949228f8fe2ad532521f159a526a123f

  • SHA256

    ec8fb53f340f4b82ed5d857cd65d5a647f1f7038b723def2669277e641dbdce2

  • SHA512

    129204e3dc7798e61527f3739703cece7f99606d0d66c7ef499997094e2a29d574d0fa1f44fba9a49db2781ab5e6891d0ee5cc8cd97eaeaf815dd9c57a2d2ebf

  • SSDEEP

    3072:EfjboxnOCPJTY3M+iduU0Git18SFTyCMZqyFyyubKW/oaT0WMAgbPeDzQH+vpFTI:ss5YmfC3kzGKWz9w+QHCPGMSUwOoUa

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec8fb53f340f4b82ed5d857cd65d5a647f1f7038b723def2669277e641dbdce2.exe
    "C:\Users\Admin\AppData\Local\Temp\ec8fb53f340f4b82ed5d857cd65d5a647f1f7038b723def2669277e641dbdce2.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4976
    • C:\Users\Admin\AppData\Local\Temp\ec8fb53f340f4b82ed5d857cd65d5a647f1f7038b723def2669277e641dbdce2.exe
      "C:\Users\Admin\AppData\Local\Temp\ec8fb53f340f4b82ed5d857cd65d5a647f1f7038b723def2669277e641dbdce2.exe"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3088
      • C:\Users\Admin\AppData\Roaming\Afebw\itysy.exe
        "C:\Users\Admin\AppData\Roaming\Afebw\itysy.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:4268
        • C:\Users\Admin\AppData\Roaming\Afebw\itysy.exe
          "C:\Users\Admin\AppData\Roaming\Afebw\itysy.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of WriteProcessMemory
          PID:4332
          • C:\Windows\SysWOW64\explorer.exe
            "C:\Windows\SysWOW64\explorer.exe"
            5⤵
              PID:1828

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Afebw\itysy.exe
      Filesize

      305KB

      MD5

      4c7be982b4a2732f1ff387e8bca21a27

      SHA1

      1b72d02fa6e8d7f64dcf6ff3c79d9407523d3cca

      SHA256

      5cbca92a4548f9a8ba6cae22fdf202c40fb4cd2ae6534189fc788dbd7cb5f263

      SHA512

      8ec44b167877d7a862fcb35ac9cd0b821de351a242593006833201f21fe1e5c7283c3377373499605e43d49c786eb9cf4e4b742e8f7979f3b98556aa1d3432be

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Afebw\itysy.exe
      Filesize

      305KB

      MD5

      4c7be982b4a2732f1ff387e8bca21a27

      SHA1

      1b72d02fa6e8d7f64dcf6ff3c79d9407523d3cca

      SHA256

      5cbca92a4548f9a8ba6cae22fdf202c40fb4cd2ae6534189fc788dbd7cb5f263

      SHA512

      8ec44b167877d7a862fcb35ac9cd0b821de351a242593006833201f21fe1e5c7283c3377373499605e43d49c786eb9cf4e4b742e8f7979f3b98556aa1d3432be

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Afebw\itysy.exe
      Filesize

      305KB

      MD5

      4c7be982b4a2732f1ff387e8bca21a27

      SHA1

      1b72d02fa6e8d7f64dcf6ff3c79d9407523d3cca

      SHA256

      5cbca92a4548f9a8ba6cae22fdf202c40fb4cd2ae6534189fc788dbd7cb5f263

      SHA512

      8ec44b167877d7a862fcb35ac9cd0b821de351a242593006833201f21fe1e5c7283c3377373499605e43d49c786eb9cf4e4b742e8f7979f3b98556aa1d3432be

      Download Submit

    • memory/1828-153-0x0000000000E70000-0x0000000000E9D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/1828-149-0x0000000000000000-mapping.dmp

      Download

    • memory/3088-138-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/3088-139-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/3088-137-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/3088-132-0x0000000000000000-mapping.dmp

      Download

    • memory/3088-143-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/3088-135-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/3088-151-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/3088-133-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/4268-140-0x0000000000000000-mapping.dmp

      Download

    • memory/4332-144-0x0000000000000000-mapping.dmp

      Download

    • memory/4332-150-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/4332-152-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/4976-136-0x0000000000600000-0x000000000061D000-memory.dmp

      Filesize

      116KB

      Download