Overview

overview

8

Static

static

92339d4c81...af.exe

windows7-x64

8

92339d4c81...af.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    142s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2022, 10:55 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    92339d4c8142cfa98b1d98d371d187edaa9a8f95bfa801eb401387ca237795af.exe

  • Size

    600KB

  • MD5

    693ac408458bff6719ad3800700e96c2

  • SHA1

    67c44891a7cc1f72ee06f43542988722c2748aaf

  • SHA256

    92339d4c8142cfa98b1d98d371d187edaa9a8f95bfa801eb401387ca237795af

  • SHA512

    a8d34f9b77bd86a2f6695688d57493fb1d55bfe9b6df7f4090b739da89b0717f296bd31df8fed1e76657fa959ff9215094522394048d80ffe65c4e64d71bd962

  • SSDEEP

    12288:aqhP6pCcEFlPxG8odvoy7c2e7tN7ainFc6Ivj0k2e8RqpWYS3d0/Ddl338:auPTLsDINvawFc6IwXeaqpWYS3a/Zt38

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Kills process with taskkill 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\92339d4c8142cfa98b1d98d371d187edaa9a8f95bfa801eb401387ca237795af.exe
    "C:\Users\Admin\AppData\Local\Temp\92339d4c8142cfa98b1d98d371d187edaa9a8f95bfa801eb401387ca237795af.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4836
    • C:\Users\Admin\AppData\Local\Temp\is-IV3UI.tmp\92339d4c8142cfa98b1d98d371d187edaa9a8f95bfa801eb401387ca237795af.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-IV3UI.tmp\92339d4c8142cfa98b1d98d371d187edaa9a8f95bfa801eb401387ca237795af.tmp" /SL5="$80062,362930,52224,C:\Users\Admin\AppData\Local\Temp\92339d4c8142cfa98b1d98d371d187edaa9a8f95bfa801eb401387ca237795af.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:5000
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c"taskkill /im iexplore.exe /f"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4892
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /im iexplore.exe /f
          4⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3084

Network

  • flag-unknown
    DNS
    151.122.125.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    151.122.125.40.in-addr.arpa
    IN PTR
    Response
  • flag-unknown
    DNS
    f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa
    Remote address:
    8.8.8.8:53
    Request
    f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa
    IN PTR
    Response
  • 93.184.220.29:80
    322 B
     7
  • 8.253.208.113:80
    322 B
     7
  • 8.253.208.113:80
    322 B
     7
  • 8.253.208.113:80
    322 B
     7
  • 8.253.208.113:80
    322 B
     7
  • 104.80.225.205:443
    322 B
     7
  • 8.8.8.8:53
    151.122.125.40.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    151.122.125.40.in-addr.arpa

  • 8.8.8.8:53
    f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa
    dns
    118 B
     204 B
     1
    1

    DNS Request

    f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-IV3UI.tmp\92339d4c8142cfa98b1d98d371d187edaa9a8f95bfa801eb401387ca237795af.tmp
    Filesize

    699KB

    MD5

    3c01afb860055a9c132e202674c4f155

    SHA1

    e60b6721917b7ea4c2cb455ba1f4a4b5a2075482

    SHA256

    525f4dad705a0a916da9c91a8a5f3d6ec670ab9594c0fe90c599971431aa1818

    SHA512

    8dd3cd1a527f816bdc495c0c6af3b65b8bf2dae16da025f27794c3313bc86843a66012502606958d397ccc82138f3935d5fb72750640c2701d524cc935cf5d4e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IV3UI.tmp\92339d4c8142cfa98b1d98d371d187edaa9a8f95bfa801eb401387ca237795af.tmp
    Filesize

    699KB

    MD5

    3c01afb860055a9c132e202674c4f155

    SHA1

    e60b6721917b7ea4c2cb455ba1f4a4b5a2075482

    SHA256

    525f4dad705a0a916da9c91a8a5f3d6ec670ab9594c0fe90c599971431aa1818

    SHA512

    8dd3cd1a527f816bdc495c0c6af3b65b8bf2dae16da025f27794c3313bc86843a66012502606958d397ccc82138f3935d5fb72750640c2701d524cc935cf5d4e

    Download Submit

  • memory/4836-132-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4836-137-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4836-140-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.