Overview

overview

8

Static

static

fe6015c260...ff.exe

windows7-x64

8

fe6015c260...ff.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    109s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    04-12-2022 03:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe6015c2605043211f6c1e3a18eef796f3f4339d7e337b020c5272817541e6ff.exe

  • Size

    273KB

  • MD5

    e2014d296f03f84f2a7ef0ef9f996243

  • SHA1

    77ef94ded67154b8b98543ec05408a6d14b10a2c

  • SHA256

    fe6015c2605043211f6c1e3a18eef796f3f4339d7e337b020c5272817541e6ff

  • SHA512

    ad9c89519d72992b0738a5a44b69f38ef5d47435f2d2f3cb8090cce03d696fc92ab31ad9d9b523fbc14b7cae57c42602664eb9862bc0a2f112cba1e0d825f99e

  • SSDEEP

    6144:wP3OASxV76Gts46GH67IHEMhWPYIwFWk8CtAgKxmTgdIPIAd:wPRJGa7fIc0usAhkgq

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe6015c2605043211f6c1e3a18eef796f3f4339d7e337b020c5272817541e6ff.exe
    "C:\Users\Admin\AppData\Local\Temp\fe6015c2605043211f6c1e3a18eef796f3f4339d7e337b020c5272817541e6ff.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1620
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\uninstal.bat
      2⤵
      • Deletes itself
      PID:1516
  • C:\Windows\Exe
    C:\Windows\Exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Exe
    Filesize

    273KB

    MD5

    e2014d296f03f84f2a7ef0ef9f996243

    SHA1

    77ef94ded67154b8b98543ec05408a6d14b10a2c

    SHA256

    fe6015c2605043211f6c1e3a18eef796f3f4339d7e337b020c5272817541e6ff

    SHA512

    ad9c89519d72992b0738a5a44b69f38ef5d47435f2d2f3cb8090cce03d696fc92ab31ad9d9b523fbc14b7cae57c42602664eb9862bc0a2f112cba1e0d825f99e

    Download Submit

  • C:\Windows\Exe
    Filesize

    273KB

    MD5

    e2014d296f03f84f2a7ef0ef9f996243

    SHA1

    77ef94ded67154b8b98543ec05408a6d14b10a2c

    SHA256

    fe6015c2605043211f6c1e3a18eef796f3f4339d7e337b020c5272817541e6ff

    SHA512

    ad9c89519d72992b0738a5a44b69f38ef5d47435f2d2f3cb8090cce03d696fc92ab31ad9d9b523fbc14b7cae57c42602664eb9862bc0a2f112cba1e0d825f99e

    Download Submit

  • C:\Windows\uninstal.bat
    Filesize

    254B

    MD5

    c7ed4a8963ec9361e5c8c1e7f27f46ff

    SHA1

    afc9d3e6d6121948082a19ec786b43c61d1f8e03

    SHA256

    191677adff1a5f8f817880f66b29bad5b049195e31b60738a729e8e4c804c28d

    SHA512

    2811ad5029c62d504c4a22085b289d0bd1687e8bad9f347567785b9ceedfc7ee904cc0d79105b9d7ecc4aa101c5becc0c6ab89d6f5602c76a5f479b83c14cd48

    Download Submit

  • memory/1520-59-0x0000000000400000-0x00000000004CB011-memory.dmp

    Filesize

    812KB

    Download

  • memory/1620-54-0x0000000000400000-0x00000000004CB011-memory.dmp

    Filesize

    812KB

    Download

  • memory/1620-55-0x0000000075501000-0x0000000075503000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1620-61-0x0000000000400000-0x00000000004CB011-memory.dmp

    Filesize

    812KB

    Download