ef0717bce91c868c367b3bbac22a28fe4ec72a230ec96ae646cb76a850ec6358

Analysis

max time kernel
150s
max time network
157s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27-11-2022 07:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef0717bce91c868c367b3bbac22a28fe4ec72a230ec96ae646cb76a850ec6358.exe
Size

35KB
MD5

f130b4c9581f47752a681a26a075dd76
SHA1

009260394b204bcd3f91fbe625ee3f56c18ac6ef
SHA256

ef0717bce91c868c367b3bbac22a28fe4ec72a230ec96ae646cb76a850ec6358
SHA512

3da397eaaf755a7279b93ca4a9e4c265370e71df8b64ba12ba3939a6f219a5c7dbba56a90d6a1a062d99b1ba6ad1e8e1002b0cb367602a05af78355578e1e660
SSDEEP

768:CpgQf0M/6vzzzzzzzzzzzzzzzzzzzzzzzzzzzz2yyHpj+:CphX6vzzzzzzzzzzzzzzzzzzzzzzzzz7

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

uaygf.exe

pid process

1792 uaygf.exe
Deletes itself 1 IoCs

Processes:

uaygf.exe

pid process

1792 uaygf.exe

pid	process
1792	uaygf.exe

pid	process
1792	uaygf.exe

Loads dropped DLL 2 IoCs

Processes:

ef0717bce91c868c367b3bbac22a28fe4ec72a230ec96ae646cb76a850ec6358.exe

pid	process
1796	ef0717bce91c868c367b3bbac22a28fe4ec72a230ec96ae646cb76a850ec6358.exe
1796	ef0717bce91c868c367b3bbac22a28fe4ec72a230ec96ae646cb76a850ec6358.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

ef0717bce91c868c367b3bbac22a28fe4ec72a230ec96ae646cb76a850ec6358.exe

description	pid	process	target process
PID 1796 wrote to memory of 1792	1796	ef0717bce91c868c367b3bbac22a28fe4ec72a230ec96ae646cb76a850ec6358.exe	uaygf.exe
PID 1796 wrote to memory of 1792	1796	ef0717bce91c868c367b3bbac22a28fe4ec72a230ec96ae646cb76a850ec6358.exe	uaygf.exe
PID 1796 wrote to memory of 1792	1796	ef0717bce91c868c367b3bbac22a28fe4ec72a230ec96ae646cb76a850ec6358.exe	uaygf.exe
PID 1796 wrote to memory of 1792	1796	ef0717bce91c868c367b3bbac22a28fe4ec72a230ec96ae646cb76a850ec6358.exe	uaygf.exe

C:\Users\Admin\AppData\Local\Temp\ef0717bce91c868c367b3bbac22a28fe4ec72a230ec96ae646cb76a850ec6358.exe
"C:\Users\Admin\AppData\Local\Temp\ef0717bce91c868c367b3bbac22a28fe4ec72a230ec96ae646cb76a850ec6358.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1796

C:\Users\Admin\AppData\Local\Temp\uaygf.exe
C:\Users\Admin\AppData\Local\Temp\uaygf.exe
2⤵
- Executes dropped EXE
- Deletes itself
PID:1792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\uaygf.exe
Filesize
35KB

MD5
f130b4c9581f47752a681a26a075dd76

SHA1
009260394b204bcd3f91fbe625ee3f56c18ac6ef

SHA256
ef0717bce91c868c367b3bbac22a28fe4ec72a230ec96ae646cb76a850ec6358

SHA512
3da397eaaf755a7279b93ca4a9e4c265370e71df8b64ba12ba3939a6f219a5c7dbba56a90d6a1a062d99b1ba6ad1e8e1002b0cb367602a05af78355578e1e660

Download Submit
C:\Users\Admin\AppData\Local\Temp\uaygf.exe
Filesize
35KB

MD5
f130b4c9581f47752a681a26a075dd76

SHA1
009260394b204bcd3f91fbe625ee3f56c18ac6ef

SHA256
ef0717bce91c868c367b3bbac22a28fe4ec72a230ec96ae646cb76a850ec6358

SHA512
3da397eaaf755a7279b93ca4a9e4c265370e71df8b64ba12ba3939a6f219a5c7dbba56a90d6a1a062d99b1ba6ad1e8e1002b0cb367602a05af78355578e1e660

Download Submit
C:\Users\Admin\AppData\Local\Temp\utt2ED4.tmp
Filesize
206B

MD5
90e0dc7c414069be4ce015718e030ba3

SHA1
4284067a74b8d579e55cf6ecdd7c7237f1dc5186

SHA256
597d081c22d6967ffdf1f145e606df5e2f9a81e8b40c43ac0ef3bd3302acdd2e

SHA512
137c6ede06069f12821464ae9cd56c4eb667cf9a52585bd849d3c2dbb7367d860a59a8b69885263ce929d861bc356cc492a6166779875db2ed56d19e305ae814

Download Submit
\Users\Admin\AppData\Local\Temp\uaygf.exe
Filesize
35KB

MD5
f130b4c9581f47752a681a26a075dd76

SHA1
009260394b204bcd3f91fbe625ee3f56c18ac6ef

SHA256
ef0717bce91c868c367b3bbac22a28fe4ec72a230ec96ae646cb76a850ec6358

SHA512
3da397eaaf755a7279b93ca4a9e4c265370e71df8b64ba12ba3939a6f219a5c7dbba56a90d6a1a062d99b1ba6ad1e8e1002b0cb367602a05af78355578e1e660

Download Submit
\Users\Admin\AppData\Local\Temp\uaygf.exe
Filesize
35KB

MD5
f130b4c9581f47752a681a26a075dd76

SHA1
009260394b204bcd3f91fbe625ee3f56c18ac6ef

SHA256
ef0717bce91c868c367b3bbac22a28fe4ec72a230ec96ae646cb76a850ec6358

SHA512
3da397eaaf755a7279b93ca4a9e4c265370e71df8b64ba12ba3939a6f219a5c7dbba56a90d6a1a062d99b1ba6ad1e8e1002b0cb367602a05af78355578e1e660

Download Submit
memory/1792-57-0x0000000000000000-mapping.dmp

Download
memory/1792-62-0x0000000000270000-0x0000000000294000-memory.dmp

Filesize
144KB

Download
memory/1792-63-0x0000000000270000-0x0000000000294000-memory.dmp

Filesize
144KB

Download
memory/1796-54-0x00000000760A1000-0x00000000760A3000-memory.dmp

Filesize
8KB

Download