Analysis

  • max time kernel
    43s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/12/2022, 18:09

General

  • Target

    c3f47a710176917773f84e86c25cebf4c8e0be4c5c48294e33ad57266b7d0ca4.exe

  • Size

    153KB

  • MD5

    2e6dbcc67d19012cad91b7dcd315cebe

  • SHA1

    086a3d2be0118f307de2f7f3b6b311c646a4127a

  • SHA256

    c3f47a710176917773f84e86c25cebf4c8e0be4c5c48294e33ad57266b7d0ca4

  • SHA512

    1d173993753681d9a2e07a4146f86e298ee1db95f790d95036a6aaf84a4e63b32e63d45f9c286e631f249c4a80e89a7302dfbece98dad98e9e625ac1eac22577

  • SSDEEP

    3072:7mp2n5z8uX5MlvT6gqH/kvnBCph8uQt+7POUQp+veh/uA:7mp45znmT6gqfk/4h8w2UOru

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS vendor and version strings are often read from the registry to fingerprint virtual machines and sandboxing environments.

  • Deletes itself 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs
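What the "Checks BIOS information in registry" signature usually corresponds to, as an added example that is not code from the report or from the sample. The three registry values and the vendor-marker list are assumptions (the report does not list which values the sample queried); the registry events are constructed to mirror the two flagged PIDs.

```python
"""Added example, not code from the report or the sample: what a 'Checks BIOS
information in registry' hit usually means, seen from both sides.

Assumptions: the three registry values below are the ones commonly queried for
this check; the report does not list which values this sample read."""
from dataclasses import dataclass

# Assumed BIOS values under HKLM that malware reads to fingerprint the host.
BIOS_VALUES = {
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosDate",
}

# Hypervisor / sandbox vendor markers (assumed list); a BIOS string from
# physical hardware such as "Dell Inc." contains none of them.
VM_MARKERS = ("vmware", "virtualbox", "vbox", "qemu", "bochs", "xen",
              "parallels", "hyper-v", "innotek")


def looks_virtual(bios_strings):
    """Malware-side check: return the first VM marker found in any BIOS string,
    or None when the strings look like physical hardware."""
    for s in bios_strings:
        low = s.lower()
        for marker in VM_MARKERS:
            if marker in low:
                return marker
    return None


@dataclass
class RegEvent:
    pid: int
    op: str    # e.g. "RegQueryValue"
    path: str  # full value path


def bios_reads(events):
    """Analyst-side check over sandbox registry events: map PID -> BIOS values it
    queried. Each PID with a non-empty list is one IoC for the signature."""
    hits = {}
    for e in events:
        if e.op.startswith("RegQuery") and e.path in BIOS_VALUES:
            hits.setdefault(e.pid, []).append(e.path)
    return hits


# Constructed events mirroring the two processes the report flags (1760, 1316);
# the cmd.exe read of ProductName is a control that must not match.
SAMPLE_EVENTS = [
    RegEvent(1760, "RegQueryValue", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    RegEvent(1760, "RegQueryValue", r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion"),
    RegEvent(1316, "RegQueryValue", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    RegEvent(1144, "RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"),
]

if __name__ == "__main__":
    print(looks_virtual(["VBOX   - 1", "Oracle VM VirtualBox"]))   # sandbox VM
    print(looks_virtual(["Dell Inc. - 1072009"]))                  # physical host
    print(bios_reads(SAMPLE_EVENTS))
```

Two caveats when weighing this hit: hardware-inventory and licensing software reads the same values, so on its own it is weak evidence; and sandboxes that rewrite their BIOS strings will pass the malware-side check, so a sample that did not detonate further after reading them may simply have been waiting on another condition.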

Processes

  • C:\Users\Admin\AppData\Local\Temp\c3f47a710176917773f84e86c25cebf4c8e0be4c5c48294e33ad57266b7d0ca4.exe
    "C:\Users\Admin\AppData\Local\Temp\c3f47a710176917773f84e86c25cebf4c8e0be4c5c48294e33ad57266b7d0ca4.exe"
    1⤵
    • Checks BIOS information in registry
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1760
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Windows\system32\svchost.exe"
      2⤵
      • Checks BIOS information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1316
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /q /c for /l %i in (1, 1, 4000000000) do if not exist "C:\Users\Admin\AppData\Local\Temp\c3f47a710176917773f84e86c25cebf4c8e0be4c5c48294e33ad57266b7d0ca4.exe" (exit) else (del /f "C:\Users\Admin\AppData\Local\Temp\c3f47a710176917773f84e86c25cebf4c8e0be4c5c48294e33ad57266b7d0ca4.exe")
        3⤵
        • Deletes itself
        PID:1144
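The two findings in this tree (an svchost.exe started by the sample with no service group, and a cmd.exe loop that deletes the sample's own image) re-derived from a constructed copy of the tree, as an added example that is not code from the report or the sample. The Proc records reuse the PIDs, image paths and command lines shown above; the services.exe / svchost.exe pair is an invented control case.

```python
"""Added example, not code from the report or the sample: re-derive the two
process-tree findings above (svchost.exe hollowing, cmd.exe self-delete loop)
from a constructed copy of the tree. The Proc records reuse the PIDs, image
paths and command lines shown in the report; the benign services.exe /
svchost.exe pair is invented as a control case."""
import re
from dataclasses import dataclass


@dataclass
class Proc:
    pid: int
    ppid: int
    image: str     # on-disk image path (what actually ran)
    cmdline: str   # command line as logged


SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\c3f47a710176917773f84e86c25cebf4c8e0be4c5c48294e33ad57266b7d0ca4.exe")

TREE = [
    Proc(1760, 0, SAMPLE, f'"{SAMPLE}"'),
    Proc(1316, 1760, r"C:\Windows\SysWOW64\svchost.exe",
         r'"C:\Windows\system32\svchost.exe"'),
    Proc(1144, 1316, r"C:\Windows\SysWOW64\cmd.exe",
         r'"C:\Windows\system32\cmd.exe" /q /c for /l %i in (1, 1, 4000000000) '
         r'do if not exist "' + SAMPLE + r'" (exit) else (del /f "' + SAMPLE + r'")'),
    # Control case (constructed): a legitimate service host.
    Proc(480, 4, r"C:\Windows\System32\services.exe", "services.exe"),
    Proc(500, 480, r"C:\Windows\System32\svchost.exe",
         r"C:\Windows\system32\svchost.exe -k netsvcs"),
]

# 'for /l ... do ... del /f "<path>"': the busy-wait delete loop from the report.
SELF_DELETE_RE = re.compile(
    r'for\s+/l\s+%\w+\s+in\s*\([^)]*\)\s+do\s+.*?del\s+/f\s+"([^"]+)"', re.I | re.S)


def _by_pid(tree):
    return {p.pid: p for p in tree}


def find_hollowed_svchost(tree):
    """svchost.exe is normally started by services.exe with '-k <group>'.
    A copy launched by anything else, or with no service group, is the
    classic target of SetThreadContext/WriteProcessMemory hollowing.
    Returns [(svchost pid, parent pid), ...]."""
    procs = _by_pid(tree)
    hits = []
    for p in tree:
        if not p.image.lower().endswith(r"\svchost.exe"):
            continue
        parent = procs.get(p.ppid)
        no_group = " -k " not in p.cmdline.lower()
        bad_parent = parent is not None and \
            not parent.image.lower().endswith(r"\services.exe")
        if no_group or bad_parent:
            hits.append((p.pid, p.ppid))
    return hits


def find_self_delete(tree):
    """cmd.exe whose delete loop targets the image of one of its ancestors.
    Returns [(cmd pid, pid of the process whose image is deleted), ...]."""
    procs = _by_pid(tree)
    hits = []
    for p in tree:
        if not p.image.lower().endswith(r"\cmd.exe"):
            continue
        m = SELF_DELETE_RE.search(p.cmdline)
        if not m:
            continue
        target = m.group(1).lower()
        anc = procs.get(p.ppid)
        while anc is not None:            # walk up until the deleted image is found
            if anc.image.lower() == target:
                hits.append((p.pid, anc.pid))
                break
            anc = procs.get(anc.ppid)
    return hits


if __name__ == "__main__":
    print("hollowed svchost:", find_hollowed_svchost(TREE))
    print("self-delete:", find_self_delete(TREE))
```

One thing not to over-read in the tree: the command lines say system32 while the images ran from SysWOW64. The sample is 32-bit (arch:x86 tag) on a 64-bit image, so that is ordinary WOW64 file-system redirection, not path tampering. The loop bound 4000000000 is also only a retry budget; the loop exits as soon as the file is gone, which is why the cmd.exe shows up as "Deletes itself" within the run.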

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • memory/1316-61-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

        • memory/1760-55-0x0000000000220000-0x0000000000258000-memory.dmp

          Filesize

          224KB

        • memory/1760-54-0x0000000000400000-0x0000000000438000-memory.dmp

          Filesize

          224KB

        • memory/1760-56-0x0000000075931000-0x0000000075933000-memory.dmp

          Filesize

          8KB

        • memory/1760-58-0x0000000000400000-0x0000000000438000-memory.dmp

          Filesize

          224KB