Overview

overview

9

Static

static

c358154b48...84.exe

windows7-x64

9

c358154b48...84.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    19s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    03-12-2022 05:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c358154b48ad7e666839e5cda7f41e85c1c94db320cdbd596bb251a83c80c484.exe

  • Size

    784KB

  • MD5

    146a13a4c1735062c7e144f8a6aee6f3

  • SHA1

    9a00f7e67196c436a4d9355007055982c24a90e7

  • SHA256

    c358154b48ad7e666839e5cda7f41e85c1c94db320cdbd596bb251a83c80c484

  • SHA512

    b4a50c3b11af3f9f3d4944d456b11743ce96381f80d98061b850719a21d7d669261b4a9a394b91a1291053ace1b1b4446ecc5c45f048e534dfed20e8ae830710

  • SSDEEP

    12288:GefX5bxGTsLvx/WvBLlmDLI/wA0qSniuMVGnmjKnRlgqdQ3QCNTI:GUX5dDFWLUkWqSnZMknmMIfr5I

Score
9/10
evasion

Malware Config

Signatures

  • Checks for common network interception software 1 TTPs

    Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    evasion
  • Enumerates VirtualBox registry keys 2 TTPs 1 IoCs
    evasion
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c358154b48ad7e666839e5cda7f41e85c1c94db320cdbd596bb251a83c80c484.exe
    "C:\Users\Admin\AppData\Local\Temp\c358154b48ad7e666839e5cda7f41e85c1c94db320cdbd596bb251a83c80c484.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:268
    • C:\Users\Admin\AppData\Local\Temp\c358154b48ad7e666839e5cda7f41e85c1c94db320cdbd596bb251a83c80c484.exe
      C:\Users\Admin\AppData\Local\Temp\c358154b48ad7e666839e5cda7f41e85c1c94db320cdbd596bb251a83c80c484.exe
      2⤵
      • Enumerates VirtualBox registry keys
      • Suspicious behavior: EnumeratesProcesses
      PID:1076

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/268-54-0x0000000075891000-0x0000000075893000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1076-55-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/1076-56-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/1076-58-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/1076-61-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/1076-64-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/1076-67-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/1076-70-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/1076-73-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/1076-76-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/1076-79-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/1076-82-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/1076-85-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/1076-88-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/1076-92-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download