Overview

overview

6

Static

static

43eca0c1b6...1a.exe

windows7-x64

6

43eca0c1b6...1a.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    43s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    01-12-2022 04:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    43eca0c1b6e74208f134d20ff283f983c030635433757dec8b9f15e0c4947c1a.exe

  • Size

    148KB

  • MD5

    48355fa3f4f63c208b84a94af3a84840

  • SHA1

    8bd54d9f08fafda89a47e0890926ae0a3a1932db

  • SHA256

    43eca0c1b6e74208f134d20ff283f983c030635433757dec8b9f15e0c4947c1a

  • SHA512

    c2c5e5d0fd5a6a0713b05bccbc526da61e81f4274568fff5264eb876495507fa2527746ac74b7b8cd6fe7df2d3b3b8a4ac6478169636ee4a4aed9be4542d657f

  • SSDEEP

    3072:hIZWWxukZThtCdVBJvXIATEi+S9ofjh4BwL1/BKbcltbAX24X:hIIWxu+hOVTXIAQDSifjh4Bwx/B9ltKX

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\43eca0c1b6e74208f134d20ff283f983c030635433757dec8b9f15e0c4947c1a.exe
    "C:\Users\Admin\AppData\Local\Temp\43eca0c1b6e74208f134d20ff283f983c030635433757dec8b9f15e0c4947c1a.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1760
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Windows\system32\svchost.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1316
      • C:\Windows\SysWOW64\mspaint.exe
        "C:\Windows\system32\mspaint.exe"
        3⤵
        • Drops file in Windows directory
        • Suspicious use of SetWindowsHookEx
        PID:1812
    • C:\Users\Admin\AppData\Local\Temp\43eca0c1b6e74208f134d20ff283f983c030635433757dec8b9f15e0c4947c1a.exe
      "C:\Users\Admin\AppData\Local\Temp\43eca0c1b6e74208f134d20ff283f983c030635433757dec8b9f15e0c4947c1a.exe"
      2⤵
        PID:1196

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1196-60-0x0000000000400000-0x000000000044E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/1196-73-0x0000000000400000-0x000000000044E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/1196-70-0x0000000000400000-0x000000000044E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/1196-68-0x0000000000400000-0x000000000044E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/1196-63-0x0000000000400000-0x000000000044E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/1196-66-0x0000000000400000-0x000000000044E000-memory.dmp

      Filesize

      312KB

      Download

    • memory/1316-57-0x0000000000080000-0x00000000000A1000-memory.dmp

      Filesize

      132KB

      Download

    • memory/1316-78-0x0000000000080000-0x00000000000A1000-memory.dmp

      Filesize

      132KB

      Download

    • memory/1760-55-0x0000000000400000-0x0000000000428000-memory.dmp

      Filesize

      160KB

      Download

    • memory/1760-54-0x0000000075931000-0x0000000075933000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1760-76-0x00000000002B0000-0x00000000002C4000-memory.dmp

      Filesize

      80KB

      Download

    • memory/1760-77-0x0000000000400000-0x0000000000428000-memory.dmp

      Filesize

      160KB

      Download

    • memory/1812-71-0x00000000008F1000-0x00000000008F3000-memory.dmp

      Filesize

      8KB

      Download