Overview

overview

8

Static

static

746ac48272...d8.exe

windows7-x64

8

746ac48272...d8.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    318s
  • max time network
    372s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-11-2022 11:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    746ac48272bf294047bf9bc050c8c02bea083733717550959e50cafdc385c6d8.exe

  • Size

    5.7MB

  • MD5

    b69f9ee7ec5629069a7e1636881a34b5

  • SHA1

    d95d04c1a242414700327eb2e04237ce18738dd4

  • SHA256

    746ac48272bf294047bf9bc050c8c02bea083733717550959e50cafdc385c6d8

  • SHA512

    8e5c818773054b500d56dcacb8d14156711ccc96ce0af0779a009182ea3096d015fe8ef9435b36c5967a349cc4b3ac5be0e55cff1bd4c0b734fc7d4d0956ff6c

  • SSDEEP

    98304:/CoPwEjW9ebgmU2udXWQTAy0i84iTEm/i9W4MB8qiHcRmC9Qp1i:/CRaPiXWQc/n4S/i9W4MSqv/QPi

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\746ac48272bf294047bf9bc050c8c02bea083733717550959e50cafdc385c6d8.exe
    "C:\Users\Admin\AppData\Local\Temp\746ac48272bf294047bf9bc050c8c02bea083733717550959e50cafdc385c6d8.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1420
    • C:\Users\Admin\AppData\Local\Temp\is-170ES.tmp\746ac48272bf294047bf9bc050c8c02bea083733717550959e50cafdc385c6d8.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-170ES.tmp\746ac48272bf294047bf9bc050c8c02bea083733717550959e50cafdc385c6d8.tmp" /SL5="$1401C8,5419327,115200,C:\Users\Admin\AppData\Local\Temp\746ac48272bf294047bf9bc050c8c02bea083733717550959e50cafdc385c6d8.exe"
      2⤵
      • Executes dropped EXE
      PID:3768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-170ES.tmp\746ac48272bf294047bf9bc050c8c02bea083733717550959e50cafdc385c6d8.tmp
    Filesize

    1.1MB

    MD5

    935e949ed2a53c393877a19ab5ca7047

    SHA1

    20f0033eff164ad2a1d077722ad2fb249f1239b0

    SHA256

    338df679b5a0d63c1412fae6192677a3df68ab2db1a8a777eecd386edae77db4

    SHA512

    5c7f4bd23b6facaddee3a6156d911d2fafbc2ae1bf66e88c90791d48658aad135a85b4e62bf91410971d13eb98d0aa8c7f3bd62ac569a9a29f344d98907bc65e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-170ES.tmp\746ac48272bf294047bf9bc050c8c02bea083733717550959e50cafdc385c6d8.tmp
    Filesize

    1.1MB

    MD5

    935e949ed2a53c393877a19ab5ca7047

    SHA1

    20f0033eff164ad2a1d077722ad2fb249f1239b0

    SHA256

    338df679b5a0d63c1412fae6192677a3df68ab2db1a8a777eecd386edae77db4

    SHA512

    5c7f4bd23b6facaddee3a6156d911d2fafbc2ae1bf66e88c90791d48658aad135a85b4e62bf91410971d13eb98d0aa8c7f3bd62ac569a9a29f344d98907bc65e

    Download Submit

  • memory/1420-132-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1420-134-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download