Analysis

  • max time kernel
    161s
  • max time network
    184s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/12/2022, 18:30

General

  • Target

    f35967b5066a6ad7279dc6ca83d527ac6d69518f23f832da3c75827bad18776b.exe

  • Size

    701KB

  • MD5

    a9d667c90007895deeb57859b332baf1

  • SHA1

    d06e81de09ae6c5c69168d1bbb37b2dd253e71d2

  • SHA256

    f35967b5066a6ad7279dc6ca83d527ac6d69518f23f832da3c75827bad18776b

  • SHA512

    68d4f0f92720bcd63c0b7539e13a4b137d131ae52b8473314edb6adc5b63cd1bca035bcfabae70acc0e1b76f51e5b69a72381785cceb69c917b0421a39a961ba

  • SSDEEP

    12288:arJOmckcjYkNctl97So3klSqes1LxvHYJVwshcGq/GqZzE/xJ8:kJOmqsA69fcS611GWsW/GczE/xJ8

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f35967b5066a6ad7279dc6ca83d527ac6d69518f23f832da3c75827bad18776b.exe
    "C:\Users\Admin\AppData\Local\Temp\f35967b5066a6ad7279dc6ca83d527ac6d69518f23f832da3c75827bad18776b.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5024
    • C:\Users\Admin\AppData\Local\Temp\f35967b5066a6ad7279dc6ca83d527ac6d69518f23f832da3c75827bad18776b.exe
      C:\Users\Admin\AppData\Local\Temp\f35967b5066a6ad7279dc6ca83d527ac6d69518f23f832da3c75827bad18776b.exe
      2⤵
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2828
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\scan.exe
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\scan.exe
        3⤵
        • Executes dropped EXE
        PID:1996

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\scan.exe

          Filesize

          1.1MB

          MD5

          803e2deb3875b97d0d4321e8ea3e37b4

          SHA1

          c694b2bf6d92d8b8fa2976ac038e51c52b3c7275

          SHA256

          7081d0917b0f818a99d092611c9920cf206fa40489048a5ae937b823764e6f2d

          SHA512

          bb0828d0cb86c5b3e22a04cb4802450f92251d7e8eb4c97da4c117cd808351041cb95b494d062310fbfa73d6184ebd683d6ecf96beb516c6783756e7acfef73c

        • memory/2828-135-0x0000000001000000-0x00000000010AD000-memory.dmp

          Filesize

          692KB

        • memory/2828-138-0x0000000001000000-0x00000000010AD000-memory.dmp

          Filesize

          692KB

        • memory/2828-142-0x0000000001000000-0x00000000010AD000-memory.dmp

          Filesize

          692KB

        • memory/2828-143-0x0000000000400000-0x0000000000408001-memory.dmp

          Filesize

          32KB

        • memory/5024-137-0x0000000000400000-0x0000000000408001-memory.dmp

          Filesize

          32KB