Overview

overview

10

Static

static

1813cdbea0...35.exe

windows7-x64

10

1813cdbea0...35.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    355s
  • max time network
    402s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/11/2022, 03:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1813cdbea071efd7e0b261e0b1f47635.exe

  • Size

    7.6MB

  • MD5

    1813cdbea071efd7e0b261e0b1f47635

  • SHA1

    cb7bfedfa84c2de310fdf36b6fac39c6d8a6c971

  • SHA256

    43834f452190b6f36ce8bb603b76e44feb45761eb70eae5dee2ac8db17d560ee

  • SHA512

    a5ac24cff7a276acc8d629dcb170c51ee8c1d65960f0fbf105a775264a63264bfb126008e5ea4daba812ef1d79881bda3e077bb1349166d474a609dd06e65b77

  • SSDEEP

    196608:4AId0+vNSQpice0XxZcTjfKYQGj8jFDO/3V1hoGv:4zm+v9eeQjCBnjNO/FTXv

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1813cdbea071efd7e0b261e0b1f47635.exe
    "C:\Users\Admin\AppData\Local\Temp\1813cdbea071efd7e0b261e0b1f47635.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5040
    • C:\Users\Admin\AppData\Local\Temp\is-2JAJ0.tmp\1813cdbea071efd7e0b261e0b1f47635.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-2JAJ0.tmp\1813cdbea071efd7e0b261e0b1f47635.tmp" /SL5="$110054,7763926,67584,C:\Users\Admin\AppData\Local\Temp\1813cdbea071efd7e0b261e0b1f47635.exe"
      2⤵
      • Executes dropped EXE
      PID:1776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-2JAJ0.tmp\1813cdbea071efd7e0b261e0b1f47635.tmp
    Filesize

    711KB

    MD5

    478fbeed5ddcc14317065fafc3c19928

    SHA1

    8a680ce343453e2407444894055e9630f0c36017

    SHA256

    20d3b66b3d08b16204a6471c1eba6e682765a5397f33a1f4607725db3ea6cd2d

    SHA512

    6165a7f11184fc8cc52dbe4ed1f412895f5abc308c1b1f9c793d465ddbae4406a656127b40a15591b26fa737e5d7015c9e927fbfadb095e462d2a1cba1fa417d

    Download Submit

  • memory/5040-132-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/5040-134-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/5040-135-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download