Overview

overview

8

Static

static

8f82f055e6...25.exe

windows7-x64

8

8f82f055e6...25.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    171s
  • max time network
    189s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-11-2022 05:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f82f055e69813f62374b4d99a75a720ac13721a0359f452bf679292412c2625.exe

  • Size

    80KB

  • MD5

    b803acee7e3e6b92e1c185a71a81790f

  • SHA1

    5ced433c728d0667f3a98689649ed722942f1cc4

  • SHA256

    8f82f055e69813f62374b4d99a75a720ac13721a0359f452bf679292412c2625

  • SHA512

    e555469b6da31c7c0b0bf611e5110dabc04ed3568137d17c716802f80bdc9b87a1a44c4e86b8d9e50edddc4e36d2c5c16eda8ff76afd18362e118d84ead3f77d

  • SSDEEP

    1536:PwEJOVKRytAB0YBIxZcafY6X4RqGGDkTZB7zA6fyMoyt:5stADOcan4UVkjfyMoyt

Score
8/10
persistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 4 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Modifies data under HKEY_USERS 9 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f82f055e69813f62374b4d99a75a720ac13721a0359f452bf679292412c2625.exe
    "C:\Users\Admin\AppData\Local\Temp\8f82f055e69813f62374b4d99a75a720ac13721a0359f452bf679292412c2625.exe"
    1⤵
    • Adds policy Run key to start application
    • Modifies data under HKEY_USERS
    • Suspicious use of WriteProcessMemory
    PID:3100
    • C:\Users\Admin\LOCALS~1\APPLIC~1\esentutl.exe
      C:\Users\Admin\LOCALS~1\APPLIC~1\esentutl.exe /waitservice
      2⤵
      • Executes dropped EXE
      PID:2736

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\sessmgr.exe
    Filesize

    80KB

    MD5

    b803acee7e3e6b92e1c185a71a81790f

    SHA1

    5ced433c728d0667f3a98689649ed722942f1cc4

    SHA256

    8f82f055e69813f62374b4d99a75a720ac13721a0359f452bf679292412c2625

    SHA512

    e555469b6da31c7c0b0bf611e5110dabc04ed3568137d17c716802f80bdc9b87a1a44c4e86b8d9e50edddc4e36d2c5c16eda8ff76afd18362e118d84ead3f77d

    Download Submit

  • C:\Users\Admin\AppData\Local\esentutl.exe
    Filesize

    80KB

    MD5

    b803acee7e3e6b92e1c185a71a81790f

    SHA1

    5ced433c728d0667f3a98689649ed722942f1cc4

    SHA256

    8f82f055e69813f62374b4d99a75a720ac13721a0359f452bf679292412c2625

    SHA512

    e555469b6da31c7c0b0bf611e5110dabc04ed3568137d17c716802f80bdc9b87a1a44c4e86b8d9e50edddc4e36d2c5c16eda8ff76afd18362e118d84ead3f77d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\MICROS~1\cmstp.exe
    Filesize

    80KB

    MD5

    b803acee7e3e6b92e1c185a71a81790f

    SHA1

    5ced433c728d0667f3a98689649ed722942f1cc4

    SHA256

    8f82f055e69813f62374b4d99a75a720ac13721a0359f452bf679292412c2625

    SHA512

    e555469b6da31c7c0b0bf611e5110dabc04ed3568137d17c716802f80bdc9b87a1a44c4e86b8d9e50edddc4e36d2c5c16eda8ff76afd18362e118d84ead3f77d

    Download Submit

  • C:\Users\Admin\LOCALS~1\APPLIC~1\MICROS~1\mstinit.exe
    Filesize

    80KB

    MD5

    b803acee7e3e6b92e1c185a71a81790f

    SHA1

    5ced433c728d0667f3a98689649ed722942f1cc4

    SHA256

    8f82f055e69813f62374b4d99a75a720ac13721a0359f452bf679292412c2625

    SHA512

    e555469b6da31c7c0b0bf611e5110dabc04ed3568137d17c716802f80bdc9b87a1a44c4e86b8d9e50edddc4e36d2c5c16eda8ff76afd18362e118d84ead3f77d

    Download Submit

  • C:\Users\Admin\LOCALS~1\APPLIC~1\esentutl.exe
    Filesize

    80KB

    MD5

    b803acee7e3e6b92e1c185a71a81790f

    SHA1

    5ced433c728d0667f3a98689649ed722942f1cc4

    SHA256

    8f82f055e69813f62374b4d99a75a720ac13721a0359f452bf679292412c2625

    SHA512

    e555469b6da31c7c0b0bf611e5110dabc04ed3568137d17c716802f80bdc9b87a1a44c4e86b8d9e50edddc4e36d2c5c16eda8ff76afd18362e118d84ead3f77d

    Download Submit

  • memory/2736-132-0x0000000000000000-mapping.dmp

    Download