Overview

overview

9

Static

static

73427ef94c...c2.exe

windows7-x64

9

73427ef94c...c2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    178s
  • max time network
    189s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-11-2022 07:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    73427ef94cc8de9cc39cdb92fa47bc99a11b64940a2aca9af653216196cc88c2.exe

  • Size

    256KB

  • MD5

    710d5a3a4528ceeb2a58b61eb4aea9cc

  • SHA1

    494a8f52506fef62e557d255296384257391e58a

  • SHA256

    73427ef94cc8de9cc39cdb92fa47bc99a11b64940a2aca9af653216196cc88c2

  • SHA512

    c4ab44712465e224381d23704d95b5b1ad6e41a2704999dd1ae838c5b6553331cf1e48de349e9976d1c8c7175ab183d69ba7b8dc7033c2fac2c70570a9477a66

  • SSDEEP

    6144:W5abRA2qukF6JUxN127/8ZyOpMSQ5ufkdTb4y8OEezR0cyp5uTO0:W5uZgN1BZppc5uMRb4yyUR7CuZ

Score
7/10
persistence

Malware Config

Signatures

  • Drops startup file 2 IoCs
  • Adds Run key to start application 2 TTPs 6 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\73427ef94cc8de9cc39cdb92fa47bc99a11b64940a2aca9af653216196cc88c2.exe
    "C:\Users\Admin\AppData\Local\Temp\73427ef94cc8de9cc39cdb92fa47bc99a11b64940a2aca9af653216196cc88c2.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4884
    • C:\Users\Admin\AppData\Local\Temp\73427ef94cc8de9cc39cdb92fa47bc99a11b64940a2aca9af653216196cc88c2.exe
      C:\Users\Admin\AppData\Local\Temp\73427ef94cc8de9cc39cdb92fa47bc99a11b64940a2aca9af653216196cc88c2.exe
      2⤵
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:4136
      • C:\Windows\SysWOW64\explorer.exe
        "C:\Windows\syswow64\explorer.exe"
        3⤵
        • Drops startup file
        • Adds Run key to start application
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of WriteProcessMemory
        PID:4812
        • C:\Windows\SysWOW64\svchost.exe
          -k netsvcs
          4⤵
            PID:1056

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1056-138-0x0000000000000000-mapping.dmp
      Download
    • memory/1056-139-0x0000000001000000-0x000000000102B000-memory.dmp
      Filesize

      172KB

      Download
    • memory/4136-132-0x0000000000000000-mapping.dmp
      Download
    • memory/4136-133-0x0000000000400000-0x000000000042B000-memory.dmp
      Filesize

      172KB

      Download
    • memory/4136-134-0x0000000000400000-0x000000000042B000-memory.dmp
      Filesize

      172KB

      Download
    • memory/4136-136-0x0000000000400000-0x000000000042B000-memory.dmp
      Filesize

      172KB

      Download
    • memory/4812-135-0x0000000000000000-mapping.dmp
      Download
    • memory/4812-137-0x0000000000BC0000-0x0000000000BEB000-memory.dmp
      Filesize

      172KB

      Download