88b72e9e01452158ce71cef25e61bf2de0b30fc79fb794f25698446b3394718d

Analysis

max time kernel
82s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 21:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88b72e9e01452158ce71cef25e61bf2de0b30fc79fb794f25698446b3394718d.exe
Size

423KB
MD5

61a28ab4086db27d3cdc7376f5a69998
SHA1

a9de95c9d407abba3995a3a16a720913b8bab526
SHA256

88b72e9e01452158ce71cef25e61bf2de0b30fc79fb794f25698446b3394718d
SHA512

9ee6f1d3b178ab12ed3f09fa741d91091e43bbf6fd9a3bc5789f99dfc6a79a113bf3d9ee8ec1263e5d3e3e12d30cfe9ea5a44f63073b0dc002951016b389d3c0
SSDEEP

12288:W/O0T9PLWQhwpgIdA/t5tV8xjsgBov6/vYXubE/Wd:fQZ/0jdH

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3272	byung.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 3272	2828	88b72e9e01452158ce71cef25e61bf2de0b30fc79fb794f25698446b3394718d.exe	84
PID 2828 wrote to memory of 3272	2828	88b72e9e01452158ce71cef25e61bf2de0b30fc79fb794f25698446b3394718d.exe	84
PID 2828 wrote to memory of 3272	2828	88b72e9e01452158ce71cef25e61bf2de0b30fc79fb794f25698446b3394718d.exe	84
PID 2828 wrote to memory of 3816	2828	88b72e9e01452158ce71cef25e61bf2de0b30fc79fb794f25698446b3394718d.exe	85
PID 2828 wrote to memory of 3816	2828	88b72e9e01452158ce71cef25e61bf2de0b30fc79fb794f25698446b3394718d.exe	85
PID 2828 wrote to memory of 3816	2828	88b72e9e01452158ce71cef25e61bf2de0b30fc79fb794f25698446b3394718d.exe	85

C:\Users\Admin\AppData\Local\Temp\88b72e9e01452158ce71cef25e61bf2de0b30fc79fb794f25698446b3394718d.exe
"C:\Users\Admin\AppData\Local\Temp\88b72e9e01452158ce71cef25e61bf2de0b30fc79fb794f25698446b3394718d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Users\Admin\AppData\Roaming\Vyzoq\byung.exe
  "C:\Users\Admin\AppData\Roaming\Vyzoq\byung.exe"
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmpa7b98379.bat"
  2⤵
  PID:3816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmpa7b98379.bat

Filesize
307B

MD5
e90836fa19d2fb091fa4b36394779435

SHA1
c5e930c9df6e7b72214ead0cdf505e5b2600354b

SHA256
76f3ce2634571274347c72e15c546d4f03a1b68eeb0d9aa116113dad17c859f8

SHA512
c3bfcbaef6651b44417f7d926ae005e377e2ea209ef4529d36577390e3e03bcd53a0f43261e3d1fdc8cfa11073d0a3340be57d8f149358140e8e50bef64a3d55

Download Submit
C:\Users\Admin\AppData\Roaming\Vyzoq\byung.exe

Filesize
423KB

MD5
7a6cf99a88417814af08a69a0b3ea8ed

SHA1
017992e4572f3f6079bd33c4013e098fcc251a05

SHA256
632b578f488e9df393482821610305f010a3a091199310f980e5b1df18a11085

SHA512
8102b15c17b5251f8f942852646672f2b62f3db63b0354b81a08c3c41fc75360f1d0ffa7ff9dd58ff30dd100f97bd4d1affdb5b17b2d48222b634ef64c6e13cd

Download Submit
C:\Users\Admin\AppData\Roaming\Vyzoq\byung.exe

Filesize
423KB

MD5
7a6cf99a88417814af08a69a0b3ea8ed

SHA1
017992e4572f3f6079bd33c4013e098fcc251a05

SHA256
632b578f488e9df393482821610305f010a3a091199310f980e5b1df18a11085

SHA512
8102b15c17b5251f8f942852646672f2b62f3db63b0354b81a08c3c41fc75360f1d0ffa7ff9dd58ff30dd100f97bd4d1affdb5b17b2d48222b634ef64c6e13cd

Download Submit
memory/2828-138-0x0000000002310000-0x0000000002356000-memory.dmp

Filesize
280KB

Download
memory/2828-137-0x0000000002220000-0x0000000002266000-memory.dmp

Filesize
280KB

Download
memory/2828-132-0x0000000002310000-0x0000000002356000-memory.dmp

Filesize
280KB

Download
memory/2828-143-0x0000000002310000-0x0000000002356000-memory.dmp

Filesize
280KB

Download
memory/2828-133-0x0000000002310000-0x0000000002356000-memory.dmp

Filesize
280KB

Download
memory/3272-140-0x0000000000660000-0x00000000006A6000-memory.dmp

Filesize
280KB

Download
memory/3272-141-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/3272-139-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads