Analysis
max time kernel
90s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags
arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted
24-11-2022 00:31
Static task
static1
Behavioral task
behavioral1
Sample
6b1659b961fced58b1b4a0a6693cdc7e89355d9adb4fa3e1acbaae8fd904230f.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
6b1659b961fced58b1b4a0a6693cdc7e89355d9adb4fa3e1acbaae8fd904230f.exe
Resource
win10v2004-20220901-en
General
Target
6b1659b961fced58b1b4a0a6693cdc7e89355d9adb4fa3e1acbaae8fd904230f.exe
Size
4.5MB
MD5
1e0a39dfe4fbe20889dc7861ccdb97ff
SHA1
27199f6ee5f1dbe58dcbb18b989e796f95989bfb
SHA256
6b1659b961fced58b1b4a0a6693cdc7e89355d9adb4fa3e1acbaae8fd904230f
SHA512
65ece15c26c6ddeef94a55dc5c4cfe93c469176ecc3b62dd1bbfbdcff571fae8f1ff76f207b1a3dba977ce64604fd8d7b84b3660d610c1e16d8d0fb9ebca313a
SSDEEP
768:kMsLhvWgPxTsOLWxs4EQ2LSEY/52DTLdx0byVhuEjyMytjtgH:9sFOqxQPxsVQ+SEM5exsyVhry2
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
Processes:
pid    process
3252   cb36.exe
2168   cb36.exe
Drops file in Program Files directory 2 IoCs
Processes:
description                    ioc                                    process
File created                   C:\Program Files\NetMeeting\6ydcax     6b1659b961fced58b1b4a0a6693cdc7e89355d9adb4fa3e1acbaae8fd904230f.exe
File opened for modification   C:\Program Files\NetMeeting\cb36.exe   6b1659b961fced58b1b4a0a6693cdc7e89355d9adb4fa3e1acbaae8fd904230f.exe
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
description                        pid    process                                                                 target process
PID 4936 wrote to memory of 3252   4936   6b1659b961fced58b1b4a0a6693cdc7e89355d9adb4fa3e1acbaae8fd904230f.exe   cb36.exe
PID 4936 wrote to memory of 3252   4936   6b1659b961fced58b1b4a0a6693cdc7e89355d9adb4fa3e1acbaae8fd904230f.exe   cb36.exe
PID 4936 wrote to memory of 3252   4936   6b1659b961fced58b1b4a0a6693cdc7e89355d9adb4fa3e1acbaae8fd904230f.exe   cb36.exe
PID 4936 wrote to memory of 2168   4936   6b1659b961fced58b1b4a0a6693cdc7e89355d9adb4fa3e1acbaae8fd904230f.exe   cb36.exe
PID 4936 wrote to memory of 2168   4936   6b1659b961fced58b1b4a0a6693cdc7e89355d9adb4fa3e1acbaae8fd904230f.exe   cb36.exe
PID 4936 wrote to memory of 2168   4936   6b1659b961fced58b1b4a0a6693cdc7e89355d9adb4fa3e1acbaae8fd904230f.exe   cb36.exe
Processes
C:\Users\Admin\AppData\Local\Temp\6b1659b961fced58b1b4a0a6693cdc7e89355d9adb4fa3e1acbaae8fd904230f.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\6b1659b961fced58b1b4a0a6693cdc7e89355d9adb4fa3e1acbaae8fd904230f.exe"
PID: 4936
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
  C:\Program Files\NetMeeting\cb36.exe (child of PID 4936)
  Command line: "C:\Program Files\NetMeeting\cb36.exe"
  PID: 3252
  - Executes dropped EXE
  C:\Program Files\NetMeeting\cb36.exe (child of PID 4936)
  Command line: "C:\Program Files\NetMeeting\cb36.exe" C:\Users\Admin\AppData\Local\Temp\6b1659b961fced58b1b4a0a6693cdc7e89355d9adb4fa3e1acbaae8fd904230f.exe
  PID: 2168
  - Executes dropped EXE
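The three signatures above are derived from raw events, and it helps to see how. The following Python is an added example, not part of the Triage report or its own signature engine: it rebuilds the report's process tree and file events from the tables above (PIDs, paths and command lines are copied from the page; the event records, the hypothetical helper names such as `dropped_exes` and `classify_wpm`, and the `Proc` record are constructed here) and derives each signature from them. It also separates WriteProcessMemory calls into a freshly spawned child, which a parent makes routinely when it creates the process, from writes into an unrelated process, which is the injection-like case worth escalating. Here all six calls fall in the first bucket (three per child), so that signature on its own is weak evidence.

```python
"""Reconstruct the report's signatures from its raw events.

Added example, not part of the Triage report. PIDs, paths and command
lines are copied from the page; the event records and helper names are
constructed here for illustration.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

SAMPLE = "6b1659b961fced58b1b4a0a6693cdc7e89355d9adb4fa3e1acbaae8fd904230f.exe"
TEMP = r"C:\Users\Admin\AppData\Local\Temp"
DROPPED = r"C:\Program Files\NetMeeting\cb36.exe"


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]  # None for the root of the tree
    image: str
    cmdline: str


# Process tree as listed under "Processes" (constructed from the report).
PROCS = [
    Proc(4936, None, TEMP + "\\" + SAMPLE, f'"{TEMP}\\{SAMPLE}"'),
    Proc(3252, 4936, DROPPED, f'"{DROPPED}"'),
    Proc(2168, 4936, DROPPED, f'"{DROPPED}" {TEMP}\\{SAMPLE}'),
]

# File events from "Drops file in Program Files directory": (pid, op, path).
FILE_EVENTS = [
    (4936, "File created", r"C:\Program Files\NetMeeting\6ydcax"),
    (4936, "File opened for modification", DROPPED),
]

# Rows from "Suspicious use of WriteProcessMemory", one per call.
WPM_ROWS = ["PID 4936 wrote to memory of 3252"] * 3 + ["PID 4936 wrote to memory of 2168"] * 3

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\")


def program_files_drops(file_events):
    """Signature 'Drops file in Program Files directory': any write under Program Files."""
    return [e for e in file_events if e[2].lower().startswith(PROGRAM_FILES)]


def dropped_exes(procs, file_events):
    """Signature 'Executes dropped EXE': a process whose image was written
    earlier in the run by a different process. Returns (pid, image, writer_pid)."""
    writer_of = {}
    for pid, _op, path in file_events:
        writer_of.setdefault(path.lower(), pid)  # first writer wins
    hits = []
    for p in procs:
        writer = writer_of.get(p.image.lower())
        if writer is not None and writer != p.pid:
            hits.append((p.pid, p.image, writer))
    return hits


def classify_wpm(rows, procs):
    """Split WriteProcessMemory calls by target. A parent writing into a child
    it just spawned is routine (process creation itself does this), so those go
    under 'child'; writes into any other process go under 'foreign' and are
    the injection-like case."""
    parent_of = {p.pid: p.ppid for p in procs}
    counts = Counter(m.groups() for m in map(WPM_RE.match, rows) if m)
    out = {"child": {}, "foreign": {}}
    for (src, dst), n in counts.items():
        src, dst = int(src), int(dst)
        bucket = "child" if parent_of.get(dst) == src else "foreign"
        out[bucket][(src, dst)] = n
    return out


def render_tree(procs, ppid=None, depth=0):
    """Indented process tree, root first (the page's depth-1/depth-2 levels)."""
    lines = []
    for p in procs:
        if p.ppid == ppid:
            lines.append("  " * depth + f"{p.pid} {p.cmdline}")
            lines.extend(render_tree(procs, p.pid, depth + 1))
    return lines


if __name__ == "__main__":
    print("\n".join(render_tree(PROCS)))
    print("Program Files drops:", program_files_drops(FILE_EVENTS))
    print("Dropped EXEs executed:", dropped_exes(PROCS, FILE_EVENTS))
    print("WriteProcessMemory:", classify_wpm(WPM_ROWS, PROCS))
```

`dropped_exes` matches on the image path the child actually ran from, not on the file name, so a binary dropped to Program Files and then executed from there is caught even when an identically named file exists elsewhere; path comparison is case-insensitive because NTFS is.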
Network
MITRE ATT&CK Matrix
Downloads
Filesize
11.3MB
MD5
a968bef33c5140c8ea956f6dd1748780
SHA1
35ef8f42c8a0bf36249f51759b997126cdb8d338
SHA256
b1dbd8a00c73231fbcb6e6db708433790cbea0482f508d25a042c44fd28e7525
SHA512
a366eba1bdee97a74d41145e5546633f67042ccc0f88c06251b832709452743fb9212adc0d86c3642e601c0a8877b04c413d5d8006e2f5c4d77a70bfa63d2ea1