Overview

overview

8

Static

static

0382072273...87.exe

windows7-x64

8

0382072273...87.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    204s
  • max time network
    210s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-11-2022 21:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    03820722736bdbd88f7bccb04e644955e9bb723e783ff9fa66d3823fb2508987.exe

  • Size

    48KB

  • MD5

    d52a8103b4b14f808ab259a3086e638e

  • SHA1

    5fb489fdebd00f04749aff39701807830a434a53

  • SHA256

    03820722736bdbd88f7bccb04e644955e9bb723e783ff9fa66d3823fb2508987

  • SHA512

    a9ca665f49e58f642312c632142d9c6c6ad8511161f7f68dc854d80b33998f402072a841694c4ff77bf6238ca0d47be224bf15c60f4183ba29305136ca4e5f13

  • SSDEEP

    768:7TT8R3ev8GEe854yRVnQbhcdqDMhCgXyHRVZHOlwYd:7f8R8+54yRVnQdwXyHRjuL

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\03820722736bdbd88f7bccb04e644955e9bb723e783ff9fa66d3823fb2508987.exe
    "C:\Users\Admin\AppData\Local\Temp\03820722736bdbd88f7bccb04e644955e9bb723e783ff9fa66d3823fb2508987.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: RenamesItself
    PID:1196
  • C:\Windows\SysWOW64\kcuyyg.exe
    C:\Windows\SysWOW64\kcuyyg.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\gei33.dll
    Filesize

    58KB

    MD5

    caa437442a847db69f4360b166c36d04

    SHA1

    55b5001c0330adc5999f7523be7dcc78a44ab23f

    SHA256

    16fab994afe78b9c4d273a895149d54049b7b19591a9ec6bd02d35375f5fd5a9

    SHA512

    4e14b76feda93ef78c4f8c71b5673661eb6f50fe4c24ca17526bfb07f67e04d22723015e0ac45c2a2cb075a05987a9ec30eebd0413bc7053713b1262ab618c48

    Download Submit

  • C:\Windows\SysWOW64\kcuyyg.exe
    Filesize

    48KB

    MD5

    d52a8103b4b14f808ab259a3086e638e

    SHA1

    5fb489fdebd00f04749aff39701807830a434a53

    SHA256

    03820722736bdbd88f7bccb04e644955e9bb723e783ff9fa66d3823fb2508987

    SHA512

    a9ca665f49e58f642312c632142d9c6c6ad8511161f7f68dc854d80b33998f402072a841694c4ff77bf6238ca0d47be224bf15c60f4183ba29305136ca4e5f13

    Download Submit

  • C:\Windows\SysWOW64\kcuyyg.exe
    Filesize

    48KB

    MD5

    d52a8103b4b14f808ab259a3086e638e

    SHA1

    5fb489fdebd00f04749aff39701807830a434a53

    SHA256

    03820722736bdbd88f7bccb04e644955e9bb723e783ff9fa66d3823fb2508987

    SHA512

    a9ca665f49e58f642312c632142d9c6c6ad8511161f7f68dc854d80b33998f402072a841694c4ff77bf6238ca0d47be224bf15c60f4183ba29305136ca4e5f13

    Download Submit