22b055e9d5da1c2a8dfb21777dab21d4093eb65aef5c959d56caacf34f656b03

Analysis

max time kernel
111s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28-11-2022 06:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22b055e9d5da1c2a8dfb21777dab21d4093eb65aef5c959d56caacf34f656b03.exe
Size

96KB
MD5

143d616b1ba8dc45a2a4d506b2365ec7
SHA1

0e7569741b996a7ad72e4175025a69205712a775
SHA256

22b055e9d5da1c2a8dfb21777dab21d4093eb65aef5c959d56caacf34f656b03
SHA512

947e789a37db4b692157c1fb409a763353dbb6234cd1c53a530253ffd4936413d47e3d2c2d7248db3c78ec9680e96111e39c6b8776dd52721b6a058bac2d056f
SSDEEP

1536:gcFusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8prbrJRlRjdCQ35HFP:gOS4jHS8q/3nTzePCwNUh4E9bvfjwiFP

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

fmmjjcshsl

pid process

1048 fmmjjcshsl

pid	process
1048	fmmjjcshsl

Loads dropped DLL 2 IoCs

Processes:

22b055e9d5da1c2a8dfb21777dab21d4093eb65aef5c959d56caacf34f656b03.exe

pid	process
740	22b055e9d5da1c2a8dfb21777dab21d4093eb65aef5c959d56caacf34f656b03.exe
740	22b055e9d5da1c2a8dfb21777dab21d4093eb65aef5c959d56caacf34f656b03.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

22b055e9d5da1c2a8dfb21777dab21d4093eb65aef5c959d56caacf34f656b03.exe

description	pid	process	target process
PID 740 wrote to memory of 1048	740	22b055e9d5da1c2a8dfb21777dab21d4093eb65aef5c959d56caacf34f656b03.exe	fmmjjcshsl
PID 740 wrote to memory of 1048	740	22b055e9d5da1c2a8dfb21777dab21d4093eb65aef5c959d56caacf34f656b03.exe	fmmjjcshsl
PID 740 wrote to memory of 1048	740	22b055e9d5da1c2a8dfb21777dab21d4093eb65aef5c959d56caacf34f656b03.exe	fmmjjcshsl
PID 740 wrote to memory of 1048	740	22b055e9d5da1c2a8dfb21777dab21d4093eb65aef5c959d56caacf34f656b03.exe	fmmjjcshsl

C:\Users\Admin\AppData\Local\Temp\22b055e9d5da1c2a8dfb21777dab21d4093eb65aef5c959d56caacf34f656b03.exe
"C:\Users\Admin\AppData\Local\Temp\22b055e9d5da1c2a8dfb21777dab21d4093eb65aef5c959d56caacf34f656b03.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:740

\??\c:\users\admin\appdata\local\fmmjjcshsl
"C:\Users\Admin\AppData\Local\Temp\22b055e9d5da1c2a8dfb21777dab21d4093eb65aef5c959d56caacf34f656b03.exe" a -sc:\users\admin\appdata\local\temp\22b055e9d5da1c2a8dfb21777dab21d4093eb65aef5c959d56caacf34f656b03.exe
2⤵
- Executes dropped EXE
PID:1048

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\fmmjjcshsl
Filesize
22.3MB

MD5
2410a77dede758365f54b7d99abc079f

SHA1
4f0eb543b7fdd1f38377c6d26b74d6e425791a4e

SHA256
68f413b74fadcca076111e57a45cf54095f62988cbaf7772d1b68c42585d33f8

SHA512
d13e749d9b638282f6794e2e06e122998c88633c6f7b044612b034fc908a0a3ef6c0b383ba267a94b168b083522b2f88326414961c828bcd9c2150af60669b74

Download Submit
\Users\Admin\AppData\Local\fmmjjcshsl
Filesize
22.3MB

MD5
2410a77dede758365f54b7d99abc079f

SHA1
4f0eb543b7fdd1f38377c6d26b74d6e425791a4e

SHA256
68f413b74fadcca076111e57a45cf54095f62988cbaf7772d1b68c42585d33f8

SHA512
d13e749d9b638282f6794e2e06e122998c88633c6f7b044612b034fc908a0a3ef6c0b383ba267a94b168b083522b2f88326414961c828bcd9c2150af60669b74

Download Submit
\Users\Admin\AppData\Local\fmmjjcshsl
Filesize
22.3MB

MD5
2410a77dede758365f54b7d99abc079f

SHA1
4f0eb543b7fdd1f38377c6d26b74d6e425791a4e

SHA256
68f413b74fadcca076111e57a45cf54095f62988cbaf7772d1b68c42585d33f8

SHA512
d13e749d9b638282f6794e2e06e122998c88633c6f7b044612b034fc908a0a3ef6c0b383ba267a94b168b083522b2f88326414961c828bcd9c2150af60669b74

Download Submit
memory/740-54-0x0000000000400000-0x000000000044E354-memory.dmp

Filesize
312KB

Download
memory/740-55-0x0000000000400000-0x000000000044E354-memory.dmp

Filesize
312KB

Download
memory/1048-58-0x0000000000000000-mapping.dmp

Download
memory/1048-60-0x0000000000400000-0x000000000044E354-memory.dmp

Filesize
312KB

Download
memory/1048-61-0x0000000000400000-0x000000000044E354-memory.dmp

Filesize
312KB

Download