Overview

overview

5

Static

static

ba50a3b643...17.exe

windows7-x64

1

ba50a3b643...17.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    133s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/12/2022, 05:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ba50a3b643514b05ad3a92ac578a74720c5decf258ed27bb008d58c32bcf2017.exe

  • Size

    137KB

  • MD5

    25aa86b5afc795cf63082b083b7d5b91

  • SHA1

    e0b9ef9e95a60a0a956a8b1669b2fa36358aab5c

  • SHA256

    ba50a3b643514b05ad3a92ac578a74720c5decf258ed27bb008d58c32bcf2017

  • SHA512

    e51f4fb100756c8d5442a996831b4b5fa66f6a7367f4407e3fbd78125bcf0afc360bead694fa1dc81fb255ccedbf58764680f82b29e54e2a786b081b714005d2

  • SSDEEP

    3072:KZDMrWlf/FafXXvxJ8t6q/dd33Ecy8EEKOuclJdsyCgnz0Pjqzj/FX93J:SI6Z/FcXXM6q/v30cy8EEKOuclJd/CgJ

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba50a3b643514b05ad3a92ac578a74720c5decf258ed27bb008d58c32bcf2017.exe
    "C:\Users\Admin\AppData\Local\Temp\ba50a3b643514b05ad3a92ac578a74720c5decf258ed27bb008d58c32bcf2017.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1544
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p
    1⤵
    • Drops file in System32 directory
    • Checks processor information in registry
    • Enumerates system info in registry
    PID:384

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1544-132-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1544-136-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download