Analysis

  • max time kernel
    44s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-11-2022 01:13

General

  • Target

    fcb731e96f1b05dc0d8187afffa91d90863b3eff915fe15b66ebc0db0ba483ca.exe

  • Size

    79KB

  • MD5

    0721ebf66764de54a8cff18192a082fc

  • SHA1

    173158034fe56f028a057cf5239c19c855e814ec

  • SHA256

    fcb731e96f1b05dc0d8187afffa91d90863b3eff915fe15b66ebc0db0ba483ca

  • SHA512

    da9009b928f307206b6909242e89506a92b821fa12d2b2dcf7977d0a6cc3bb90d5e17a1f6a09888e58aa3d09753a8d0fdb34b30d20849495145bb5c028ec262c

  • SSDEEP

    1536:/eQHqwqZ1IvRa70ngWnxDJes2rDZWcisKldbfAi2d:mGqZ67FDMskDZWJn12

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Drops file in System32 directory (2 IoCs)
  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1424
      • C:\Users\Admin\AppData\Local\Temp\fcb731e96f1b05dc0d8187afffa91d90863b3eff915fe15b66ebc0db0ba483ca.exe
        "C:\Users\Admin\AppData\Local\Temp\fcb731e96f1b05dc0d8187afffa91d90863b3eff915fe15b66ebc0db0ba483ca.exe"
        2⤵
        • Adds Run key to start application
        • Drops file in System32 directory
        • Suspicious use of WriteProcessMemory
        PID:1484
        • C:\Users\Admin\AppData\Local\Temp\fcb731e96f1b05dc0d8187afffa91d90863b3eff915fe15b66ebc0db0ba483ca.exe
          "C:\Users\Admin\AppData\Local\Temp\fcb731e96f1b05dc0d8187afffa91d90863b3eff915fe15b66ebc0db0ba483ca.exe"
          3⤵
            PID:1688

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1424-59-0x0000000002570000-0x0000000002571000-memory.dmp
    Filesize: 4KB

  • memory/1484-54-0x0000000076BA1000-0x0000000076BA3000-memory.dmp
    Filesize: 8KB

  • memory/1484-58-0x0000000000160000-0x0000000000176000-memory.dmp
    Filesize: 88KB

  • memory/1484-61-0x0000000001000000-0x0000000001016000-memory.dmp
    Filesize: 88KB

  • memory/1688-55-0x0000000000000000-mapping.dmp

  • memory/1688-57-0x0000000001000000-0x0000000001016000-memory.dmp
    Filesize: 88KB