Overview

overview

9

Static

static

6cea15020b...8a.exe

windows7-x64

9

6cea15020b...8a.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    147s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    01-12-2022 03:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6cea15020bdfb7210c77be75653d76137fafa09ea2fcdf2d3006dae0cbe0ab8a.exe

  • Size

    767KB

  • MD5

    7709f2775d31f68ee5efa479a1afaa28

  • SHA1

    51c555a2763a8760a0b473080cf2e582b6117088

  • SHA256

    6cea15020bdfb7210c77be75653d76137fafa09ea2fcdf2d3006dae0cbe0ab8a

  • SHA512

    80e929e6eba0bac0a76a5aa64687fd23c6c52fe70a1b92e98761607d599bafe26fabe6bd399ee34ab4325641671ec506b278b7648a802d266a8647cf49a0ddab

  • SSDEEP

    12288:VryS2KmxOEaIDGwU+xxfFMc0TQYyxuuHuii9XG2lm9J9ARssvYsbEOAEZ1XGwXNn:NoKmAIDGH+mJ8Yyx7KX/sJKqCYGhDwE

Score
9/10
evasionpersistence

Malware Config

Signatures

  • Checks for common network interception software 1 TTPs

    Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    evasion
  • Enumerates VirtualBox registry keys 2 TTPs 1 IoCs
    evasion
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6cea15020bdfb7210c77be75653d76137fafa09ea2fcdf2d3006dae0cbe0ab8a.exe
    "C:\Users\Admin\AppData\Local\Temp\6cea15020bdfb7210c77be75653d76137fafa09ea2fcdf2d3006dae0cbe0ab8a.exe"
    1⤵
    • Enumerates VirtualBox registry keys
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    PID:1768

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1768-54-0x0000000000230000-0x000000000023A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1768-55-0x0000000076961000-0x0000000076963000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1768-56-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/1768-58-0x0000000000230000-0x0000000000232000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1768-57-0x0000000000230000-0x000000000023A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1768-59-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download