Overview

overview

8

Static

static

7412005000...6c.exe

windows7-x64

8

7412005000...6c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    143s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-12-2022 03:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7412005000b1e6f8efa9a556956abd051e721f9480556acd2915cc77f315926c.exe

  • Size

    352KB

  • MD5

    17c8b812fad4877df691de67323a8a11

  • SHA1

    6c37a83917393983dd5893e181932eaf8b80eb7a

  • SHA256

    7412005000b1e6f8efa9a556956abd051e721f9480556acd2915cc77f315926c

  • SHA512

    412fe21c3c9ef762a9dc7ce95eea0487e899b05d21732a913c84d3903c047015ec5dca56c8665c4c148e0210cd4b7960dbb345b7cae20c5bf43952e826be48f0

  • SSDEEP

    6144:2Yga1MYso5Fvwx/wm2m+GifR9ZQUkBJvneo:2wZXvwxf7UR9Sf

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 3 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7412005000b1e6f8efa9a556956abd051e721f9480556acd2915cc77f315926c.exe
    "C:\Users\Admin\AppData\Local\Temp\7412005000b1e6f8efa9a556956abd051e721f9480556acd2915cc77f315926c.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1756
    • C:\Users\Admin\AppData\Local\Temp\7412005000b1e6f8efa9a556956abd051e721f9480556acd2915cc77f315926c.exe
      "C:\Users\Admin\AppData\Local\Temp\7412005000b1e6f8efa9a556956abd051e721f9480556acd2915cc77f315926c.exe"
      2⤵
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:1792
      • C:\ProgramData\YkC8zZAG5th\P3zXlgSFCuGKi.exe
        "C:\ProgramData\YkC8zZAG5th\P3zXlgSFCuGKi.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:4944
        • C:\ProgramData\YkC8zZAG5th\P3zXlgSFCuGKi.exe
          "C:\ProgramData\YkC8zZAG5th\P3zXlgSFCuGKi.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:4140
          • C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.165.21\MicrosoftEdgeUpdateSetup_X86_1.3.165.21.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.165.21\MicrosoftEdgeUpdateSetup_X86_1.3.165.21.exe" /i:4140
            5⤵
              PID:4728
            • C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe
              "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe" /i:4140
              5⤵
                PID:1160

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\YkC8zZAG5th\P3zXlgSFCuGKi.exe
        Filesize

        352KB

        MD5

        c8f9143b237d66dd71ab53f947991735

        SHA1

        cefedb9bdddca40ada927e3823ba05b4e2b0f6a0

        SHA256

        62d47192546b4d9e874f0d4e16ab0939d8fda4e945d0d63c5e9eceafbf3794da

        SHA512

        be80c8e4438d52fdb76f19f9f220d80b0399c0bd291b338413f8e9855435e420af0c8dcbf7ad81992f39381e8f00c1237bb9c422c7b6e0dfbb23c30f491b843d

        Download Submit

      • C:\ProgramData\YkC8zZAG5th\P3zXlgSFCuGKi.exe
        Filesize

        352KB

        MD5

        c8f9143b237d66dd71ab53f947991735

        SHA1

        cefedb9bdddca40ada927e3823ba05b4e2b0f6a0

        SHA256

        62d47192546b4d9e874f0d4e16ab0939d8fda4e945d0d63c5e9eceafbf3794da

        SHA512

        be80c8e4438d52fdb76f19f9f220d80b0399c0bd291b338413f8e9855435e420af0c8dcbf7ad81992f39381e8f00c1237bb9c422c7b6e0dfbb23c30f491b843d

        Download Submit

      • C:\ProgramData\YkC8zZAG5th\P3zXlgSFCuGKi.exe
        Filesize

        352KB

        MD5

        c8f9143b237d66dd71ab53f947991735

        SHA1

        cefedb9bdddca40ada927e3823ba05b4e2b0f6a0

        SHA256

        62d47192546b4d9e874f0d4e16ab0939d8fda4e945d0d63c5e9eceafbf3794da

        SHA512

        be80c8e4438d52fdb76f19f9f220d80b0399c0bd291b338413f8e9855435e420af0c8dcbf7ad81992f39381e8f00c1237bb9c422c7b6e0dfbb23c30f491b843d

        Download Submit

      • C:\ProgramData\YkC8zZAG5th\P3zXlgSFCuGKi.exe
        Filesize

        352KB

        MD5

        17c8b812fad4877df691de67323a8a11

        SHA1

        6c37a83917393983dd5893e181932eaf8b80eb7a

        SHA256

        7412005000b1e6f8efa9a556956abd051e721f9480556acd2915cc77f315926c

        SHA512

        412fe21c3c9ef762a9dc7ce95eea0487e899b05d21732a913c84d3903c047015ec5dca56c8665c4c148e0210cd4b7960dbb345b7cae20c5bf43952e826be48f0

        Download Submit

      • C:\ProgramData\YkC8zZAG5th\P3zXlgSFCuGKi.exe
        Filesize

        352KB

        MD5

        17c8b812fad4877df691de67323a8a11

        SHA1

        6c37a83917393983dd5893e181932eaf8b80eb7a

        SHA256

        7412005000b1e6f8efa9a556956abd051e721f9480556acd2915cc77f315926c

        SHA512

        412fe21c3c9ef762a9dc7ce95eea0487e899b05d21732a913c84d3903c047015ec5dca56c8665c4c148e0210cd4b7960dbb345b7cae20c5bf43952e826be48f0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\VEOo85zXqV2J.exe
        Filesize

        352KB

        MD5

        c8f9143b237d66dd71ab53f947991735

        SHA1

        cefedb9bdddca40ada927e3823ba05b4e2b0f6a0

        SHA256

        62d47192546b4d9e874f0d4e16ab0939d8fda4e945d0d63c5e9eceafbf3794da

        SHA512

        be80c8e4438d52fdb76f19f9f220d80b0399c0bd291b338413f8e9855435e420af0c8dcbf7ad81992f39381e8f00c1237bb9c422c7b6e0dfbb23c30f491b843d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\VEOo85zXqV2J.exe
        Filesize

        352KB

        MD5

        c8f9143b237d66dd71ab53f947991735

        SHA1

        cefedb9bdddca40ada927e3823ba05b4e2b0f6a0

        SHA256

        62d47192546b4d9e874f0d4e16ab0939d8fda4e945d0d63c5e9eceafbf3794da

        SHA512

        be80c8e4438d52fdb76f19f9f220d80b0399c0bd291b338413f8e9855435e420af0c8dcbf7ad81992f39381e8f00c1237bb9c422c7b6e0dfbb23c30f491b843d

        Download Submit

      • memory/1160-159-0x0000000000400000-0x000000000045E000-memory.dmp

        Filesize

        376KB

        Download

      • memory/1160-153-0x0000000000000000-mapping.dmp

        Download

      • memory/1792-133-0x0000000000400000-0x000000000045E000-memory.dmp

        Filesize

        376KB

        Download

      • memory/1792-134-0x0000000000400000-0x000000000045E000-memory.dmp

        Filesize

        376KB

        Download

      • memory/1792-142-0x0000000000400000-0x000000000045E000-memory.dmp

        Filesize

        376KB

        Download

      • memory/1792-135-0x0000000000400000-0x000000000045E000-memory.dmp

        Filesize

        376KB

        Download

      • memory/1792-138-0x0000000000400000-0x000000000045E000-memory.dmp

        Filesize

        376KB

        Download

      • memory/1792-132-0x0000000000000000-mapping.dmp

        Download

      • memory/4140-143-0x0000000000000000-mapping.dmp

        Download

      • memory/4140-150-0x0000000000400000-0x000000000045E000-memory.dmp

        Filesize

        376KB

        Download

      • memory/4140-152-0x0000000000400000-0x000000000045E000-memory.dmp

        Filesize

        376KB

        Download

      • memory/4140-158-0x0000000000400000-0x000000000045E000-memory.dmp

        Filesize

        376KB

        Download

      • memory/4728-151-0x0000000000000000-mapping.dmp

        Download

      • memory/4944-139-0x0000000000000000-mapping.dmp

        Download