Overview

overview

8

Static

static

97abab8357...dd.exe

windows7-x64

8

97abab8357...dd.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    182s
  • max time network
    222s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 11:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    97abab83573c5fd14b903170110c33222d4309be03ac6cfc4c8470138890addd.exe

  • Size

    22KB

  • MD5

    6ac3ca86e0af052fd4aa042b50ac6d7f

  • SHA1

    a2b65d6f871ddcda3d3db1e8450ff0e1a81d55dd

  • SHA256

    97abab83573c5fd14b903170110c33222d4309be03ac6cfc4c8470138890addd

  • SHA512

    076322c18abfdf718cdcae660e46495e1f8f2fc932dd6b844b2e342dbfbd60e90899627bb0e67a5178bbe98450b440e24e07f5c7c81cc3f22eb1d2239e5670a0

  • SSDEEP

    384:QcPcN6tMbHiQY1cfWDrTTTkTTckTTTTTTTT6UBFp:QcPcNVfCAWDBUBF

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\97abab83573c5fd14b903170110c33222d4309be03ac6cfc4c8470138890addd.exe
    "C:\Users\Admin\AppData\Local\Temp\97abab83573c5fd14b903170110c33222d4309be03ac6cfc4c8470138890addd.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:944
    • C:\Users\Admin\AppData\Local\Temp\cdsew.exe
      C:\Users\Admin\AppData\Local\Temp\cdsew.exe
      2⤵
      • Executes dropped EXE
      • Deletes itself
      PID:1328

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\cdsew.exe
          Filesize

          22KB

          MD5

          6ac3ca86e0af052fd4aa042b50ac6d7f

          SHA1

          a2b65d6f871ddcda3d3db1e8450ff0e1a81d55dd

          SHA256

          97abab83573c5fd14b903170110c33222d4309be03ac6cfc4c8470138890addd

          SHA512

          076322c18abfdf718cdcae660e46495e1f8f2fc932dd6b844b2e342dbfbd60e90899627bb0e67a5178bbe98450b440e24e07f5c7c81cc3f22eb1d2239e5670a0

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\utt798E.tmp
          Filesize

          206B

          MD5

          e00fe67b822090d66dab915be1e38432

          SHA1

          8446f48492facc617090d3692bb6f258fc628416

          SHA256

          6c0544556a06b2a96a78699ec4da635909f59c812699db07df655b4296331824

          SHA512

          cdb196128486dd5af5c1678d2c8c12aaf6a537e548ff74d74fcee1b7707cb3c5b70538859ece581720bf609d4a28db6b3d2bb26745fea27d25a795506c38c552

          Download Submit

        • \Users\Admin\AppData\Local\Temp\cdsew.exe
          Filesize

          22KB

          MD5

          6ac3ca86e0af052fd4aa042b50ac6d7f

          SHA1

          a2b65d6f871ddcda3d3db1e8450ff0e1a81d55dd

          SHA256

          97abab83573c5fd14b903170110c33222d4309be03ac6cfc4c8470138890addd

          SHA512

          076322c18abfdf718cdcae660e46495e1f8f2fc932dd6b844b2e342dbfbd60e90899627bb0e67a5178bbe98450b440e24e07f5c7c81cc3f22eb1d2239e5670a0

          Download Submit

        • memory/944-54-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/944-59-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

          Download

        • memory/1328-61-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

          Download