Overview

overview

10

Static

static

6c7a4c2eb3...d1.exe

windows7-x64

8

6c7a4c2eb3...d1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    28-11-2022 06:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6c7a4c2eb323324b2591e838c5b3391c28828d8466a138533aff7bbf123fdbd1.exe

  • Size

    96KB

  • MD5

    fe46056fc8bd9d648a29e076650a2bdf

  • SHA1

    d8e087bf82884fd900fa6bab3019e73cf7ebf213

  • SHA256

    6c7a4c2eb323324b2591e838c5b3391c28828d8466a138533aff7bbf123fdbd1

  • SHA512

    1ea0fa142d386e2007b57c0335b18be583b624aebee187e86102d943c65631977c8c26fb02ef8c248445d6166bb0939edaaa4b579d1a1f15a50a9e8c9a017d4b

  • SSDEEP

    3072:iOS4jHS8q/3nTzePCwNUh4E90yp9w7RUTV/LUz:ih428q/nTzePCwG70ywSS

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6c7a4c2eb323324b2591e838c5b3391c28828d8466a138533aff7bbf123fdbd1.exe
    "C:\Users\Admin\AppData\Local\Temp\6c7a4c2eb323324b2591e838c5b3391c28828d8466a138533aff7bbf123fdbd1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2036
    • \??\c:\users\admin\appdata\local\dicpodhhqo
      "C:\Users\Admin\AppData\Local\Temp\6c7a4c2eb323324b2591e838c5b3391c28828d8466a138533aff7bbf123fdbd1.exe" a -sc:\users\admin\appdata\local\temp\6c7a4c2eb323324b2591e838c5b3391c28828d8466a138533aff7bbf123fdbd1.exe
      2⤵
      • Executes dropped EXE
      • Deletes itself
      • Suspicious behavior: EnumeratesProcesses
      PID:528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\dicpodhhqo
    Filesize

    21.6MB

    MD5

    91518f31f63f7894afc0f6d5a02640cc

    SHA1

    1343029f6280a0d9b1366826a8cc3903100cfc03

    SHA256

    e4d15e73c42a52856b2f3def1b7cd08295afb7744619cd70cc1420b237fdd0fd

    SHA512

    27cc27dbb6239f6b50c90bfb3d0b48b970712d19e1809db66b585eb7d044550df3dbae267970bf3971b264ee485d5088fa59a0af2164c470f1cf96bf70a15a5a

    Download Submit
  • \Users\Admin\AppData\Local\dicpodhhqo
    Filesize

    21.6MB

    MD5

    91518f31f63f7894afc0f6d5a02640cc

    SHA1

    1343029f6280a0d9b1366826a8cc3903100cfc03

    SHA256

    e4d15e73c42a52856b2f3def1b7cd08295afb7744619cd70cc1420b237fdd0fd

    SHA512

    27cc27dbb6239f6b50c90bfb3d0b48b970712d19e1809db66b585eb7d044550df3dbae267970bf3971b264ee485d5088fa59a0af2164c470f1cf96bf70a15a5a

    Download Submit
  • \Users\Admin\AppData\Local\dicpodhhqo
    Filesize

    21.6MB

    MD5

    91518f31f63f7894afc0f6d5a02640cc

    SHA1

    1343029f6280a0d9b1366826a8cc3903100cfc03

    SHA256

    e4d15e73c42a52856b2f3def1b7cd08295afb7744619cd70cc1420b237fdd0fd

    SHA512

    27cc27dbb6239f6b50c90bfb3d0b48b970712d19e1809db66b585eb7d044550df3dbae267970bf3971b264ee485d5088fa59a0af2164c470f1cf96bf70a15a5a

    Download Submit
  • memory/528-58-0x0000000000000000-mapping.dmp
    Download
  • memory/528-60-0x0000000000400000-0x000000000044E29C-memory.dmp
    Filesize

    312KB

    Download
  • memory/528-61-0x0000000000400000-0x000000000044E29C-memory.dmp
    Filesize

    312KB

    Download
  • memory/2036-54-0x0000000000400000-0x000000000044E29C-memory.dmp
    Filesize

    312KB

    Download
  • memory/2036-55-0x0000000000400000-0x000000000044E29C-memory.dmp
    Filesize

    312KB

    Download