Overview

overview

8

Static

static

b619788ab3...59.exe

windows7-x64

8

b619788ab3...59.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    127s
  • max time network
    98s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    01-12-2022 19:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b619788ab3831589c45bdcf05196f1a9f2807aea4e3262c7ad89772304531759.exe

  • Size

    783KB

  • MD5

    01b052d1abb0fdc28d41a35fe6e22b3b

  • SHA1

    416363553677012e359e30f9dce1e6a43ebd98e1

  • SHA256

    b619788ab3831589c45bdcf05196f1a9f2807aea4e3262c7ad89772304531759

  • SHA512

    978b8d352d5a8f9bcaea6cb122a29a53b3a3b466efe2b784ffe56bf4149ad0a91cbc43fa679dc32ff179ee64b315cab880ebf195570f4504ac5df5fe7d8923c4

  • SSDEEP

    12288:9ZFAA4AIQAMyIJJowpLAJUrtz1p+49mT5VIEGpzK6FSkFvCBhGj8tvwzIaw27rTo:DaMAnwpLAOrfp955pzvAC8taK27XI

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b619788ab3831589c45bdcf05196f1a9f2807aea4e3262c7ad89772304531759.exe
    "C:\Users\Admin\AppData\Local\Temp\b619788ab3831589c45bdcf05196f1a9f2807aea4e3262c7ad89772304531759.exe"
    1⤵
      PID:1552
    • C:\ProgramData\WordPad\{2A984635-3777-2FE1-9B1C-8A57733F78CC}\cftmon.exe
      "C:\ProgramData\WordPad\{2A984635-3777-2FE1-9B1C-8A57733F78CC}\cftmon.exe" -service
      1⤵
      • Executes dropped EXE
      PID:1960

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\WordPad\{2A984635-3777-2FE1-9B1C-8A57733F78CC}\cftmon.exe
      Filesize

      783KB

      MD5

      01b052d1abb0fdc28d41a35fe6e22b3b

      SHA1

      416363553677012e359e30f9dce1e6a43ebd98e1

      SHA256

      b619788ab3831589c45bdcf05196f1a9f2807aea4e3262c7ad89772304531759

      SHA512

      978b8d352d5a8f9bcaea6cb122a29a53b3a3b466efe2b784ffe56bf4149ad0a91cbc43fa679dc32ff179ee64b315cab880ebf195570f4504ac5df5fe7d8923c4

      Download Submit

    • C:\ProgramData\WordPad\{2A984635-3777-2FE1-9B1C-8A57733F78CC}\cftmon.exe
      Filesize

      783KB

      MD5

      01b052d1abb0fdc28d41a35fe6e22b3b

      SHA1

      416363553677012e359e30f9dce1e6a43ebd98e1

      SHA256

      b619788ab3831589c45bdcf05196f1a9f2807aea4e3262c7ad89772304531759

      SHA512

      978b8d352d5a8f9bcaea6cb122a29a53b3a3b466efe2b784ffe56bf4149ad0a91cbc43fa679dc32ff179ee64b315cab880ebf195570f4504ac5df5fe7d8923c4

      Download Submit

    • memory/1552-54-0x0000000075241000-0x0000000075243000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1552-55-0x0000000000400000-0x0000000000604000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1552-56-0x0000000000390000-0x00000000003EA000-memory.dmp

      Filesize

      360KB

      Download

    • memory/1552-57-0x00000000031D0000-0x00000000031D4000-memory.dmp

      Filesize

      16KB

      Download

    • memory/1552-61-0x0000000000400000-0x0000000000604000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1552-62-0x0000000000390000-0x00000000003EA000-memory.dmp

      Filesize

      360KB

      Download

    • memory/1960-63-0x0000000000400000-0x0000000000604000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1960-64-0x0000000000AA0000-0x0000000000AFA000-memory.dmp

      Filesize

      360KB

      Download