Overview

overview

8

Static

static

63fc803c4b...d5.exe

windows7-x64

8

63fc803c4b...d5.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    188s
  • max time network
    208s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-11-2022 14:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    63fc803c4bd4b79b3034ca4f4f578fa9fe2811cd6407da781df5f6feb776c8d5.exe

  • Size

    1.6MB

  • MD5

    690ae4eff35b594c11388368b4a74897

  • SHA1

    a8d9eb9995104592b7bb48e152cb6e17ea3721ab

  • SHA256

    63fc803c4bd4b79b3034ca4f4f578fa9fe2811cd6407da781df5f6feb776c8d5

  • SHA512

    6abe468023bce66f35d9ee00c2d35ddebdad8bcfe99f8ae42471a720f217ac3da94d63e5aec02a1b007c84845af117e3bf3e6a98e27f3f45bcceb6292362962f

  • SSDEEP

    24576:Bna7zTLnEQOs72LvLa8O/0mc58JmdmyAExUXUP/aNV0MG9vq89EtEtbOC7dTBY/S:Ba7bEQLofFtP/aNqTq8itAyKZTptZ

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\63fc803c4bd4b79b3034ca4f4f578fa9fe2811cd6407da781df5f6feb776c8d5.exe
    "C:\Users\Admin\AppData\Local\Temp\63fc803c4bd4b79b3034ca4f4f578fa9fe2811cd6407da781df5f6feb776c8d5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Users\Admin\AppData\Local\Temp\is-L4R38.tmp\63fc803c4bd4b79b3034ca4f4f578fa9fe2811cd6407da781df5f6feb776c8d5.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-L4R38.tmp\63fc803c4bd4b79b3034ca4f4f578fa9fe2811cd6407da781df5f6feb776c8d5.tmp" /SL5="$80032,1348303,151552,C:\Users\Admin\AppData\Local\Temp\63fc803c4bd4b79b3034ca4f4f578fa9fe2811cd6407da781df5f6feb776c8d5.exe"
      2⤵
      • Executes dropped EXE
      PID:4436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-L4R38.tmp\63fc803c4bd4b79b3034ca4f4f578fa9fe2811cd6407da781df5f6feb776c8d5.tmp
    Filesize

    783KB

    MD5

    c0e6d7cd82fd932436ab2af197ca9af0

    SHA1

    7740a420c640c26800b4c0e9c9fd736925b16afc

    SHA256

    e6b331eaf1ffa4d8d48239ffcc9db17714c0cd686ce358ad9ee2bd07d10f2b3f

    SHA512

    6c698a193ddcbcc59674dc8caaa19c1b438aee04c3a1d22357d4ec20d3f3c942a20b878bfc20903af3163ca70dd2ea8922625ff105b2828f88877282e037ad1f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-L4R38.tmp\63fc803c4bd4b79b3034ca4f4f578fa9fe2811cd6407da781df5f6feb776c8d5.tmp
    Filesize

    783KB

    MD5

    c0e6d7cd82fd932436ab2af197ca9af0

    SHA1

    7740a420c640c26800b4c0e9c9fd736925b16afc

    SHA256

    e6b331eaf1ffa4d8d48239ffcc9db17714c0cd686ce358ad9ee2bd07d10f2b3f

    SHA512

    6c698a193ddcbcc59674dc8caaa19c1b438aee04c3a1d22357d4ec20d3f3c942a20b878bfc20903af3163ca70dd2ea8922625ff105b2828f88877282e037ad1f

    Download Submit

  • memory/1672-133-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1672-138-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4436-135-0x0000000000000000-mapping.dmp

    Download