Overview

overview

6

Static

static

44966900ba...33.exe

windows7-x64

6

44966900ba...33.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    181s
  • max time network
    194s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2022 00:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    44966900ba4a50c3afc49510c337fb6d018922073a2083302d9e0f71be40fc33.exe

  • Size

    68KB

  • MD5

    2698b2408c91884845eb9d749a3ebd30

  • SHA1

    318be9c95e837109516f3cf17f4c5d9b879497d0

  • SHA256

    44966900ba4a50c3afc49510c337fb6d018922073a2083302d9e0f71be40fc33

  • SHA512

    7ff8d917bd3f6b0499e496d2ed0c2319855d15b52a95c51e58e7cc8e65a7b3e00c1800bb69fe3c082c5c4112f39b5b3b35b3b67d44decf220feffd96372e5612

  • SSDEEP

    1536:Ye9Uw0DA+4oGkTGk+5m6O0qov6kPxOAkQLgZtKIuE:Y6UhGS+5m2nxHLQD

Score
6/10

Malware Config

Signatures

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\44966900ba4a50c3afc49510c337fb6d018922073a2083302d9e0f71be40fc33.exe
    "C:\Users\Admin\AppData\Local\Temp\44966900ba4a50c3afc49510c337fb6d018922073a2083302d9e0f71be40fc33.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3152
    • C:\Users\Admin\AppData\Local\Temp\44966900ba4a50c3afc49510c337fb6d018922073a2083302d9e0f71be40fc33.exe
      "C:\Users\Admin\AppData\Local\Temp\44966900ba4a50c3afc49510c337fb6d018922073a2083302d9e0f71be40fc33.exe"i|
      2⤵
      • Maps connected drives based on registry
      • Suspicious use of SetWindowsHookEx
      PID:320

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/320-134-0x0000000000000000-mapping.dmp

    Download

  • memory/320-135-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/320-137-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/320-141-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download