Overview

overview

8

Static

static

f80cc1c945...7c.exe

windows7-x64

8

f80cc1c945...7c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    93s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/12/2022, 03:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f80cc1c9456345459f2d958632876e8b5e99bc6319974bd5f6fd9534bd18017c.exe

  • Size

    3.9MB

  • MD5

    77e0178ed9946f03706d15bfb867fb50

  • SHA1

    276051c6d6415be0ea2dd40c0fc6f71c1e0f2f01

  • SHA256

    f80cc1c9456345459f2d958632876e8b5e99bc6319974bd5f6fd9534bd18017c

  • SHA512

    f6d445010678c5833c63c3aebdc3d5e47f6edeb88ef361796a6de70b96d74ba5b7bbb13c17f4d836e9fe2a10ca0ce2859d767308d9e02ebfd3b44974c528e2ac

  • SSDEEP

    98304:W+isCYgiRwL2Gx66Sn3GBVOdYFy73zLhO32WPZCgQ:Wjxis2GJSWBVs73wlhCH

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f80cc1c9456345459f2d958632876e8b5e99bc6319974bd5f6fd9534bd18017c.exe
    "C:\Users\Admin\AppData\Local\Temp\f80cc1c9456345459f2d958632876e8b5e99bc6319974bd5f6fd9534bd18017c.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3712
    • C:\Users\Admin\AppData\Local\Temp\is-QSOJE.tmp\f80cc1c9456345459f2d958632876e8b5e99bc6319974bd5f6fd9534bd18017c.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-QSOJE.tmp\f80cc1c9456345459f2d958632876e8b5e99bc6319974bd5f6fd9534bd18017c.tmp" /SL5="$501C0,3635125,114176,C:\Users\Admin\AppData\Local\Temp\f80cc1c9456345459f2d958632876e8b5e99bc6319974bd5f6fd9534bd18017c.exe"
      2⤵
      • Executes dropped EXE
      PID:3300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-QSOJE.tmp\f80cc1c9456345459f2d958632876e8b5e99bc6319974bd5f6fd9534bd18017c.tmp
    Filesize

    1.1MB

    MD5

    61e31d9208c5b73d0afc01d99ef48f8d

    SHA1

    e180ebcfd6ae459c009ce46d07d371b756bd0610

    SHA256

    5ad6c16c78be382d06f02965d0b9cc786736ee741bd439a104405c9070501e6c

    SHA512

    e6826a46e6e8716e40ddc52b4c10a7bac1a7602a53dbb3163d9adc5b401e42ce207ed71be6d6548fd4af001edb68293455f9243434312152fca70215fab8a80d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-QSOJE.tmp\f80cc1c9456345459f2d958632876e8b5e99bc6319974bd5f6fd9534bd18017c.tmp
    Filesize

    1.1MB

    MD5

    61e31d9208c5b73d0afc01d99ef48f8d

    SHA1

    e180ebcfd6ae459c009ce46d07d371b756bd0610

    SHA256

    5ad6c16c78be382d06f02965d0b9cc786736ee741bd439a104405c9070501e6c

    SHA512

    e6826a46e6e8716e40ddc52b4c10a7bac1a7602a53dbb3163d9adc5b401e42ce207ed71be6d6548fd4af001edb68293455f9243434312152fca70215fab8a80d

    Download Submit

  • memory/3712-132-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/3712-136-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/3712-138-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download