Overview

overview

8

Static

static

6ac0f0cb74...4e.exe

windows7-x64

8

6ac0f0cb74...4e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    107s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 23:06 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe

  • Size

    95KB

  • MD5

    56945803017bb98f3dd21a822b015bbe

  • SHA1

    a65c214220c9342f9e3653342a50f94410411cf4

  • SHA256

    6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e

  • SHA512

    3ca5e1c8e848152992451924e80c4d4c3849116103dc602c0d80d7cd70b6d5d648646c94106a7499863de245dbee455301a97a7dea2572258c11c159c794836e

  • SSDEEP

    1536:fHFusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8prnMW5mb5EOx:fxS4jHS8q/3nTzePCwNUh4E9nWbGOx

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe
    "C:\Users\Admin\AppData\Local\Temp\6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1504
    • \??\c:\users\admin\appdata\local\enjjfrdysn
      "C:\Users\Admin\AppData\Local\Temp\6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe" a -sc:\users\admin\appdata\local\temp\6ac0f0cb74ad773961b099934dce280abd36502d540b76dd977934bd92e2364e.exe
      2⤵
      • Executes dropped EXE
      PID:1352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\enjjfrdysn
    Filesize

    20.1MB

    MD5

    40b710e6af03cfebf68a1506d1c5f186

    SHA1

    df67d6da79d48255a7f0043f666897e577530465

    SHA256

    2a02d2821123bf5fa477e1d6fc61810020ea41d74c6b8a25393e2a9788efb8f1

    SHA512

    790d047894acaef52337f4813a98b6ab26bf54f7baf50be01e3884395115cc713730f366466596105a663dae59e5d9ef5c77dc6f6437e0a33031558e5a353ded

    Download Submit

  • \Users\Admin\AppData\Local\enjjfrdysn
    Filesize

    20.1MB

    MD5

    40b710e6af03cfebf68a1506d1c5f186

    SHA1

    df67d6da79d48255a7f0043f666897e577530465

    SHA256

    2a02d2821123bf5fa477e1d6fc61810020ea41d74c6b8a25393e2a9788efb8f1

    SHA512

    790d047894acaef52337f4813a98b6ab26bf54f7baf50be01e3884395115cc713730f366466596105a663dae59e5d9ef5c77dc6f6437e0a33031558e5a353ded

    Download Submit

  • \Users\Admin\AppData\Local\enjjfrdysn
    Filesize

    20.1MB

    MD5

    40b710e6af03cfebf68a1506d1c5f186

    SHA1

    df67d6da79d48255a7f0043f666897e577530465

    SHA256

    2a02d2821123bf5fa477e1d6fc61810020ea41d74c6b8a25393e2a9788efb8f1

    SHA512

    790d047894acaef52337f4813a98b6ab26bf54f7baf50be01e3884395115cc713730f366466596105a663dae59e5d9ef5c77dc6f6437e0a33031558e5a353ded

    Download Submit

  • memory/1352-60-0x0000000000400000-0x000000000044E348-memory.dmp

    Filesize

    312KB

    Download

  • memory/1352-61-0x0000000000400000-0x000000000044E348-memory.dmp

    Filesize

    312KB

    Download

  • memory/1504-54-0x0000000000400000-0x000000000044E348-memory.dmp

    Filesize

    312KB

    Download

  • memory/1504-55-0x0000000000400000-0x000000000044E348-memory.dmp

    Filesize

    312KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.