Overview

overview

8

Static

static

8

a92cd1c983...af.exe

windows7-x64

7

a92cd1c983...af.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    43s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    03-12-2022 17:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a92cd1c9833831db1681f778cfcc5cb7d0bb99b90af25b086fca4b1f9eb152af.exe

  • Size

    521KB

  • MD5

    0f4a332b6b3863c0135f0bdd9889bb2d

  • SHA1

    9dbfc087ebee7fc65d8330687eb275581bb69dad

  • SHA256

    a92cd1c9833831db1681f778cfcc5cb7d0bb99b90af25b086fca4b1f9eb152af

  • SHA512

    6c5c7ada401cca191014887e39d6317a09a40dd3958374dc0ef0c18cba52654255ba10400b9c2f4e892f23485ef99343bf84c2423138f8b41215f297b92097e9

  • SSDEEP

    12288:VlQnhzryVmnnqQjn6Qqh5WCqnzM20zS3jESDH:LUXnDjntVCQz70z4L

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a92cd1c9833831db1681f778cfcc5cb7d0bb99b90af25b086fca4b1f9eb152af.exe
    "C:\Users\Admin\AppData\Local\Temp\a92cd1c9833831db1681f778cfcc5cb7d0bb99b90af25b086fca4b1f9eb152af.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\$$306508.bat
      2⤵
      • Deletes itself
      PID:1104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\$$306508.bat
    Filesize

    182B

    MD5

    3d2e8d8c839cdd675549b44e7ea98f77

    SHA1

    fe813b5969c956f2d6deb7e83bd692c8a508ffc9

    SHA256

    ab944812ce94d04dfc93e94eff34bc09f8e9744560749de26703d311ebc0831d

    SHA512

    e44ff46f08048c63c41eb738d7af79e5cdcf673b85451cbaeffa8a0b8e8626e669c083c970a1c5158050e0a1b271529fbc5d61a45ec6f1610c0551b2705d9bcc

    Download Submit

  • memory/1104-55-0x0000000000000000-mapping.dmp

    Download

  • memory/2016-54-0x0000000075A71000-0x0000000075A73000-memory.dmp

    Filesize

    8KB

    Download