dd057de8165b4cdc4321df808ccf52b9016d7fe86b6f8a2cbab3c034df76da21

Analysis

max time kernel
139s
max time network
153s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 14:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dd057de8165b4cdc4321df808ccf52b9016d7fe86b6f8a2cbab3c034df76da21.exe
Size

116KB
MD5

e5605c2fa197d33290e7d72741cdb6f0
SHA1

5586e363f0c8b79e27a7049c800437af0a6ab0ff
SHA256

dd057de8165b4cdc4321df808ccf52b9016d7fe86b6f8a2cbab3c034df76da21
SHA512

03ca796f44075418816fb8933e06d02a53997f10982a1b57053c70a608b891ad91d986a86fea0925dc8fe37aa2d3db5b4c8692cbf4565b8b9ecc1552f08a322a
SSDEEP

1536:kpr40ncogoqvSDD2TXm+OvD5a2IznYaHjubg:Y9coBGTXOr5a2Issa8

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1016	gotfree.exe

Deletes itself 1 IoCs

pid	Process
1016	gotfree.exe

Loads dropped DLL 2 IoCs

pid	Process
2020	dd057de8165b4cdc4321df808ccf52b9016d7fe86b6f8a2cbab3c034df76da21.exe
2020	dd057de8165b4cdc4321df808ccf52b9016d7fe86b6f8a2cbab3c034df76da21.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	icanhazip.com

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 1016	2020	dd057de8165b4cdc4321df808ccf52b9016d7fe86b6f8a2cbab3c034df76da21.exe	26
PID 2020 wrote to memory of 1016	2020	dd057de8165b4cdc4321df808ccf52b9016d7fe86b6f8a2cbab3c034df76da21.exe	26
PID 2020 wrote to memory of 1016	2020	dd057de8165b4cdc4321df808ccf52b9016d7fe86b6f8a2cbab3c034df76da21.exe	26
PID 2020 wrote to memory of 1016	2020	dd057de8165b4cdc4321df808ccf52b9016d7fe86b6f8a2cbab3c034df76da21.exe	26

C:\Users\Admin\AppData\Local\Temp\dd057de8165b4cdc4321df808ccf52b9016d7fe86b6f8a2cbab3c034df76da21.exe
"C:\Users\Admin\AppData\Local\Temp\dd057de8165b4cdc4321df808ccf52b9016d7fe86b6f8a2cbab3c034df76da21.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Users\Admin\AppData\Local\Temp\gotfree.exe
  C:\Users\Admin\AppData\Local\Temp\gotfree.exe
  2⤵
  - Executes dropped EXE
  - Deletes itself
  PID:1016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\got2D80.txt

Filesize
206B

MD5
5f90aa965de612b72e5a502574612a03

SHA1
d732b68760d6f5c7958c23a1dd411137dd32b807

SHA256
997b275b0f80779f5d593286e18b12101e8488085e96f0c96d6e6579c9bb0199

SHA512
77b741b0ae55799353f59656ffb9bfe41c3f1cc5d386ffdf44400ef81fd6ad7c0c7837f5f316089955416034d5b11de562c44b8c79d08cfde2d702a044b2331c

Download Submit
C:\Users\Admin\AppData\Local\Temp\gotfree.exe

Filesize
116KB

MD5
e5605c2fa197d33290e7d72741cdb6f0

SHA1
5586e363f0c8b79e27a7049c800437af0a6ab0ff

SHA256
dd057de8165b4cdc4321df808ccf52b9016d7fe86b6f8a2cbab3c034df76da21

SHA512
03ca796f44075418816fb8933e06d02a53997f10982a1b57053c70a608b891ad91d986a86fea0925dc8fe37aa2d3db5b4c8692cbf4565b8b9ecc1552f08a322a

Download Submit
\Users\Admin\AppData\Local\Temp\gotfree.exe

Filesize
116KB

MD5
e5605c2fa197d33290e7d72741cdb6f0

SHA1
5586e363f0c8b79e27a7049c800437af0a6ab0ff

SHA256
dd057de8165b4cdc4321df808ccf52b9016d7fe86b6f8a2cbab3c034df76da21

SHA512
03ca796f44075418816fb8933e06d02a53997f10982a1b57053c70a608b891ad91d986a86fea0925dc8fe37aa2d3db5b4c8692cbf4565b8b9ecc1552f08a322a

Download Submit
\Users\Admin\AppData\Local\Temp\gotfree.exe

Filesize
116KB

MD5
e5605c2fa197d33290e7d72741cdb6f0

SHA1
5586e363f0c8b79e27a7049c800437af0a6ab0ff

SHA256
dd057de8165b4cdc4321df808ccf52b9016d7fe86b6f8a2cbab3c034df76da21

SHA512
03ca796f44075418816fb8933e06d02a53997f10982a1b57053c70a608b891ad91d986a86fea0925dc8fe37aa2d3db5b4c8692cbf4565b8b9ecc1552f08a322a

Download Submit
memory/1016-62-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2020-54-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download
memory/2020-59-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download