Overview

overview

8

Static

static

62ba3eb114...7a.exe

windows7-x64

7

62ba3eb114...7a.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    123s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    25-11-2022 23:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    62ba3eb1141a49dc5f19536f6caa081d26b1018b61a72363e67f6fd166795d7a.exe

  • Size

    433KB

  • MD5

    d509d0fbb447397b3db53d4a0d96adf7

  • SHA1

    d445e5a05ac39fc7bcac88cfa35c6db90667a117

  • SHA256

    62ba3eb1141a49dc5f19536f6caa081d26b1018b61a72363e67f6fd166795d7a

  • SHA512

    7780734008f62c682b2b12d70f273de81ae261dce7bcb68c8d11c3d837bfa99e3cfa88bfd509eb3f40e52b2739b227fcc01b38a9bea2b637216e1d5f8511f4da

  • SSDEEP

    6144:qxNoh9F9Bsw164o+o4N40xwUMaccon8lhKxnpmCLQptOWolIhRmpXtEO/0q+dnpM:qxU96w164oUvGdA4xndQ2KXYYn8z0y

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\62ba3eb1141a49dc5f19536f6caa081d26b1018b61a72363e67f6fd166795d7a.exe
    "C:\Users\Admin\AppData\Local\Temp\62ba3eb1141a49dc5f19536f6caa081d26b1018b61a72363e67f6fd166795d7a.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Users\Admin\AppData\Local\Temp\62ba3eb1141a49dc5f19536f6caa081d26b1018b61a72363e67f6fd166795d7a.exe
      C:\Users\Admin\AppData\Local\Temp\62ba3eb1141a49dc5f19536f6caa081d26b1018b61a72363e67f6fd166795d7a.exe
      2⤵
        PID:1308
      • C:\Windows\SysWOW64\CMD.EXE
        "CMD.EXE" /C timeout 3 & del C:\ProgramData\jQFufolgiKb2uog.dll
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1220
        • C:\Windows\SysWOW64\timeout.exe
          timeout 3
          3⤵
          • Delays execution with timeout.exe
          PID:284

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\jQFufolgiKb2uog.dll
      Filesize

      25KB

      MD5

      38b41c1ce13a8bad90952a4a3250be40

      SHA1

      ffafc409630fa29280bbd60447d7cd1b23b4999d

      SHA256

      0cddea5438f90e10d1a6df51e2f3d638adbb727317a27428477cd179b3925557

      SHA512

      0301518235b2ff1b09e6745e18b995aad2f1eb746471ae98af6fc26f497e74daa86983dc94f0e5a0ae20a5a710bcf8496b9ad35b1378e9ea2c3a24c771f8b89c

      Download Submit

    • \ProgramData\jQFufolgiKb2uog.dll
      Filesize

      25KB

      MD5

      38b41c1ce13a8bad90952a4a3250be40

      SHA1

      ffafc409630fa29280bbd60447d7cd1b23b4999d

      SHA256

      0cddea5438f90e10d1a6df51e2f3d638adbb727317a27428477cd179b3925557

      SHA512

      0301518235b2ff1b09e6745e18b995aad2f1eb746471ae98af6fc26f497e74daa86983dc94f0e5a0ae20a5a710bcf8496b9ad35b1378e9ea2c3a24c771f8b89c

      Download Submit

    • \ProgramData\jQFufolgiKb2uog.dll
      Filesize

      25KB

      MD5

      38b41c1ce13a8bad90952a4a3250be40

      SHA1

      ffafc409630fa29280bbd60447d7cd1b23b4999d

      SHA256

      0cddea5438f90e10d1a6df51e2f3d638adbb727317a27428477cd179b3925557

      SHA512

      0301518235b2ff1b09e6745e18b995aad2f1eb746471ae98af6fc26f497e74daa86983dc94f0e5a0ae20a5a710bcf8496b9ad35b1378e9ea2c3a24c771f8b89c

      Download Submit

    • \ProgramData\jQFufolgiKb2uog.dll
      Filesize

      25KB

      MD5

      38b41c1ce13a8bad90952a4a3250be40

      SHA1

      ffafc409630fa29280bbd60447d7cd1b23b4999d

      SHA256

      0cddea5438f90e10d1a6df51e2f3d638adbb727317a27428477cd179b3925557

      SHA512

      0301518235b2ff1b09e6745e18b995aad2f1eb746471ae98af6fc26f497e74daa86983dc94f0e5a0ae20a5a710bcf8496b9ad35b1378e9ea2c3a24c771f8b89c

      Download Submit

    • memory/284-63-0x0000000000000000-mapping.dmp

      Download

    • memory/1220-62-0x0000000000000000-mapping.dmp

      Download

    • memory/1308-61-0x000000000040120A-mapping.dmp

      Download

    • memory/1984-54-0x00000000763A1000-0x00000000763A3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1984-55-0x0000000074E90000-0x000000007543B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1984-59-0x0000000074E90000-0x000000007543B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1984-64-0x0000000074E90000-0x000000007543B000-memory.dmp

      Filesize

      5.7MB

      Download