Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/12/2022, 21:00

General

  • Target

    8a5ce44669db953fcbb4e15b7936dd7121d84ecd47047772409a0f6bb50b38e3.exe

  • Size

    60KB

  • MD5

    4ae771ed2c7d53937495491d527e1946

  • SHA1

    23d0709bfd24c4b86eb0b8bc5abf002db1c52173

  • SHA256

    8a5ce44669db953fcbb4e15b7936dd7121d84ecd47047772409a0f6bb50b38e3

  • SHA512

    2412686379461a5a3dd00a64c73fe753d326744d2c156f46f615f20564cefd9ad5a0beb853119876a3890dd8325438940ba70eb14b8ba963f20220026f1eea23

  • SSDEEP

    768:zpws4WDCE0N6ZdyLWFqHkvPBo0sDNaZ6m2Dp:1PD7ZALWFDVAO6m2Dp

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Runs net.exe
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a5ce44669db953fcbb4e15b7936dd7121d84ecd47047772409a0f6bb50b38e3.exe
    "C:\Users\Admin\AppData\Local\Temp\8a5ce44669db953fcbb4e15b7936dd7121d84ecd47047772409a0f6bb50b38e3.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2592
    • C:\Users\Admin\AppData\Local\Temp\caulc.exe
      C:\Users\Admin\AppData\Local\Temp\caulc.exe 8a5ce44669db953fcbb4e15b7936dd7121d84ecd47047772409a0f6bb50b38e3.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2176
      • C:\Windows\SysWOW64\net.exe
        net stop sharedaccess
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1680
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 stop sharedaccess
          4⤵
          PID:3060

    Network

          MITRE ATT&CK Matrix

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\caulc.exe

            Filesize

            44KB

            MD5

            e0232d6bbc8c0850517a5ce6729e5242

            SHA1

            b984cbdd3d0ebec102fe66cf2ae9ac7b3374068e

            SHA256

            7b82d4f4598b92ad1ecf69c0e657841d36f0345aac5767e550edcdcf1998876d

            SHA512

            c740e62d9b20c01966175b5d6a780d743fd80ff350e6a52eed793bac4a77b6282dd98e9efa2c563f2bcb1955a8df67c81f3590868ea82c9f0f3be1333bd94894