8adcede30bb9ec86a76b189dc1b946189fb2070ec5ee7c520852a826fbf88a17

Analysis

max time kernel
182s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 01:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8adcede30bb9ec86a76b189dc1b946189fb2070ec5ee7c520852a826fbf88a17.exe
Size

95KB
MD5

76ae544df272650310248892a72800fb
SHA1

c259821477acf1cfc9b473bde2c62cd3d859e14a
SHA256

8adcede30bb9ec86a76b189dc1b946189fb2070ec5ee7c520852a826fbf88a17
SHA512

673deee1876aa8adf87a4fc0b30e79a10645e8983a9aecdad5e3f43cd26ad35cd510653bc67acf7560c2f50fb36c3f5f82c5ee593e3497e261e9b2aed7ccdbb5
SSDEEP

1536:cNTrnFusSx9qYMhdFHS8qdydo3nTzhYxJA+CwNUtBZVY9v8prlBoCYvktI0:cNPRS4jHS8q/3nTzePCwNUh4E9leCYt0

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
816	cptkhycimp

Deletes itself 1 IoCs

pid	Process
816	cptkhycimp

Loads dropped DLL 1 IoCs

pid	Process
1332	8adcede30bb9ec86a76b189dc1b946189fb2070ec5ee7c520852a826fbf88a17.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
816	cptkhycimp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 816	1332	8adcede30bb9ec86a76b189dc1b946189fb2070ec5ee7c520852a826fbf88a17.exe	28
PID 1332 wrote to memory of 816	1332	8adcede30bb9ec86a76b189dc1b946189fb2070ec5ee7c520852a826fbf88a17.exe	28
PID 1332 wrote to memory of 816	1332	8adcede30bb9ec86a76b189dc1b946189fb2070ec5ee7c520852a826fbf88a17.exe	28
PID 1332 wrote to memory of 816	1332	8adcede30bb9ec86a76b189dc1b946189fb2070ec5ee7c520852a826fbf88a17.exe	28
PID 1332 wrote to memory of 816	1332	8adcede30bb9ec86a76b189dc1b946189fb2070ec5ee7c520852a826fbf88a17.exe	28
PID 1332 wrote to memory of 816	1332	8adcede30bb9ec86a76b189dc1b946189fb2070ec5ee7c520852a826fbf88a17.exe	28
PID 1332 wrote to memory of 816	1332	8adcede30bb9ec86a76b189dc1b946189fb2070ec5ee7c520852a826fbf88a17.exe	28

C:\Users\Admin\AppData\Local\Temp\8adcede30bb9ec86a76b189dc1b946189fb2070ec5ee7c520852a826fbf88a17.exe
"C:\Users\Admin\AppData\Local\Temp\8adcede30bb9ec86a76b189dc1b946189fb2070ec5ee7c520852a826fbf88a17.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1332
- \??\c:\users\admin\appdata\local\cptkhycimp
  "C:\Users\Admin\AppData\Local\Temp\8adcede30bb9ec86a76b189dc1b946189fb2070ec5ee7c520852a826fbf88a17.exe" a -sc:\users\admin\appdata\local\temp\8adcede30bb9ec86a76b189dc1b946189fb2070ec5ee7c520852a826fbf88a17.exe
  2⤵
  - Executes dropped EXE
  - Deletes itself
  - Suspicious behavior: EnumeratesProcesses
  PID:816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\cptkhycimp

Filesize
21.0MB

MD5
19199195133eb501ccf26342ed96710e

SHA1
3ef37dc691f7c72d0c51dcfe44f17ffa8fe81562

SHA256
d1455f64b0d7792e7deafe6fb464856a5342d8e3b75c9b1ace63bf844bb416b9

SHA512
10aedb3b3485393fc0f623ee82778c26b4f38e13dd5eb524dfbb3a590cf07517ee47716c914dc5291dce3b7bff5a39ffbcb42cf57c2a2298cc8dbbf67e3b1d96

Download Submit
\??\c:\users\admin\appdata\local\cptkhycimp

Filesize
21.0MB

MD5
19199195133eb501ccf26342ed96710e

SHA1
3ef37dc691f7c72d0c51dcfe44f17ffa8fe81562

SHA256
d1455f64b0d7792e7deafe6fb464856a5342d8e3b75c9b1ace63bf844bb416b9

SHA512
10aedb3b3485393fc0f623ee82778c26b4f38e13dd5eb524dfbb3a590cf07517ee47716c914dc5291dce3b7bff5a39ffbcb42cf57c2a2298cc8dbbf67e3b1d96

Download Submit
\Users\Admin\AppData\Local\cptkhycimp

Filesize
21.0MB

MD5
19199195133eb501ccf26342ed96710e

SHA1
3ef37dc691f7c72d0c51dcfe44f17ffa8fe81562

SHA256
d1455f64b0d7792e7deafe6fb464856a5342d8e3b75c9b1ace63bf844bb416b9

SHA512
10aedb3b3485393fc0f623ee82778c26b4f38e13dd5eb524dfbb3a590cf07517ee47716c914dc5291dce3b7bff5a39ffbcb42cf57c2a2298cc8dbbf67e3b1d96

Download Submit
memory/816-65-0x0000000000400000-0x000000000044C621-memory.dmp

Filesize
305KB

Download
memory/816-66-0x0000000000400000-0x000000000044C621-memory.dmp

Filesize
305KB

Download
memory/1332-54-0x0000000074FD1000-0x0000000074FD3000-memory.dmp

Filesize
8KB

Download
memory/1332-55-0x0000000000400000-0x000000000044C621-memory.dmp

Filesize
305KB

Download
memory/1332-56-0x00000000002C0000-0x000000000030D000-memory.dmp

Filesize
308KB

Download
memory/1332-57-0x00000000002C0000-0x000000000030D000-memory.dmp

Filesize
308KB

Download
memory/1332-58-0x0000000000400000-0x000000000044C621-memory.dmp

Filesize
305KB

Download
memory/1332-59-0x00000000002C0000-0x000000000030D000-memory.dmp

Filesize
308KB

Download