Overview

overview

8

Static

static

636410941b...f3.exe

windows7-x64

8

636410941b...f3.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    112s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/12/2022, 00:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    636410941b3b31c1f78a0b4ca2295148977903b34ba568d1dc33d3a88615aff3.exe

  • Size

    630KB

  • MD5

    2f763781c1ea96568887ab0e1d1415e0

  • SHA1

    66e5734432db8569c03a16cbdf9a0005dde85308

  • SHA256

    636410941b3b31c1f78a0b4ca2295148977903b34ba568d1dc33d3a88615aff3

  • SHA512

    e5ac8e9542063bd6715622854cb652e9214ee4b4c787d0cde3a0de41dae102c2fb543c6f81a5c2d7a378e5acaf3637c680ea1854074a4bc33292dfc6a79060e0

  • SSDEEP

    12288:mEtDt+QFAYvL7+3uhyMNfAsLfozPCOZ/5hNeGX9UZPTjOpMZaBY/x4b7GEtDt+Q:LTdvvdBfAXTBhqt4MZaB3rT

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\636410941b3b31c1f78a0b4ca2295148977903b34ba568d1dc33d3a88615aff3.exe
    "C:\Users\Admin\AppData\Local\Temp\636410941b3b31c1f78a0b4ca2295148977903b34ba568d1dc33d3a88615aff3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5060
    • C:\Users\Admin\AppData\Local\Temp\~DFA23D.tmp
      C:\Users\Admin\AppData\Local\Temp\~DFA23D.tmp OK
      2⤵
      • Executes dropped EXE
      PID:4312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~DFA23D.tmp
    Filesize

    633KB

    MD5

    b6e8ced1b505bfc46c3eacbcb6441192

    SHA1

    d4b7b424c61917791feb39660f735a200edaf64b

    SHA256

    d19829f7b8608963754b53108fd7fac61c61453c43fe3774dbf96348a0d3978b

    SHA512

    f7ef8bb9a9b0a291eaf608f5e3e407805542f9522c6736f8a83929ab02cbc06e245c1bec30ced7a917f7ee02d7401c378c35aa587d7f7721ae278c8b5d29e945

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~DFA23D.tmp
    Filesize

    633KB

    MD5

    b6e8ced1b505bfc46c3eacbcb6441192

    SHA1

    d4b7b424c61917791feb39660f735a200edaf64b

    SHA256

    d19829f7b8608963754b53108fd7fac61c61453c43fe3774dbf96348a0d3978b

    SHA512

    f7ef8bb9a9b0a291eaf608f5e3e407805542f9522c6736f8a83929ab02cbc06e245c1bec30ced7a917f7ee02d7401c378c35aa587d7f7721ae278c8b5d29e945

    Download Submit

  • memory/4312-136-0x00000000000A0000-0x000000000015F000-memory.dmp

    Filesize

    764KB

    Download

  • memory/5060-133-0x00000000000C0000-0x000000000017F000-memory.dmp

    Filesize

    764KB

    Download

  • memory/5060-137-0x00000000000C0000-0x000000000017F000-memory.dmp

    Filesize

    764KB

    Download