b774466cbf5e7682dc7aed6dc00b072676964eb3bf5288078763f249258a6ac7

Analysis

max time kernel
179s
max time network
128s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 05:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b774466cbf5e7682dc7aed6dc00b072676964eb3bf5288078763f249258a6ac7.exe
Size

92KB
MD5

b72b1f0f7528b4a7055ebc1ff1fc4af9
SHA1

58e0b4749b2b08811677b5da729372b8baceba9a
SHA256

b774466cbf5e7682dc7aed6dc00b072676964eb3bf5288078763f249258a6ac7
SHA512

994a31bdceebee992a8062721d8d86c9c3572063398367627da3ab864b3d216ca77295ef5c33450a5931211141c02dff030b4ca4bb9248cd22db1203f5e641de
SSDEEP

1536:5xk7LJVGdm9RUAAUCTBkk46Nj3R28Fu2gg1ODzQmmsEZFTceN:Q74m9ULD28QNg1OnQ1sMueN

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1544	Explorer.exe
520	explorer.exe

Deletes itself 1 IoCs

pid	Process
1544	Explorer.exe

Loads dropped DLL 1 IoCs

pid	Process
556	b774466cbf5e7682dc7aed6dc00b072676964eb3bf5288078763f249258a6ac7.exe

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Bqjfgqfgcx\Path.rcd	b774466cbf5e7682dc7aed6dc00b072676964eb3bf5288078763f249258a6ac7.exe
File created	C:\Program Files (x86)\Ouycqd Uqaknxna\Explorer.exe	b774466cbf5e7682dc7aed6dc00b072676964eb3bf5288078763f249258a6ac7.exe
File opened for modification	C:\Program Files (x86)\Ouycqd Uqaknxna\Explorer.exe	b774466cbf5e7682dc7aed6dc00b072676964eb3bf5288078763f249258a6ac7.exe
File opened for modification	C:\Program Files (x86)\Bqjfgqfgcx\30609	Explorer.exe
File opened for modification	C:\Program Files (x86)\Bqjfgqfgcx\19596	Explorer.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1544	Explorer.exe
1544	Explorer.exe
1544	Explorer.exe
1544	Explorer.exe
1544	Explorer.exe
1544	Explorer.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 556 wrote to memory of 1544	556	b774466cbf5e7682dc7aed6dc00b072676964eb3bf5288078763f249258a6ac7.exe	28
PID 556 wrote to memory of 1544	556	b774466cbf5e7682dc7aed6dc00b072676964eb3bf5288078763f249258a6ac7.exe	28
PID 556 wrote to memory of 1544	556	b774466cbf5e7682dc7aed6dc00b072676964eb3bf5288078763f249258a6ac7.exe	28
PID 556 wrote to memory of 1544	556	b774466cbf5e7682dc7aed6dc00b072676964eb3bf5288078763f249258a6ac7.exe	28
PID 1544 wrote to memory of 520	1544	Explorer.exe	29
PID 1544 wrote to memory of 520	1544	Explorer.exe	29
PID 1544 wrote to memory of 520	1544	Explorer.exe	29
PID 1544 wrote to memory of 520	1544	Explorer.exe	29

C:\Users\Admin\AppData\Local\Temp\b774466cbf5e7682dc7aed6dc00b072676964eb3bf5288078763f249258a6ac7.exe
"C:\Users\Admin\AppData\Local\Temp\b774466cbf5e7682dc7aed6dc00b072676964eb3bf5288078763f249258a6ac7.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:556
- C:\Program Files (x86)\Ouycqd Uqaknxna\Explorer.exe
  .
  2⤵
  - Executes dropped EXE
  - Deletes itself
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1544
- - C:\Program Files (x86)\Ouycqd Uqaknxna\explorer.exe
    explorer.exe
    3⤵
    - Executes dropped EXE
    PID:520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Bqjfgqfgcx\Path.rcd

Filesize
260B

MD5
bdb6d24c37cf01692c3ea5591446015d

SHA1
fca90c08bb5e019f494ecd9bfabdc36b5a43bba3

SHA256
3bec0b01c2ac14ca00841fad20586914b79a0829e9774b1fcded2ee3cf268c13

SHA512
2e3c9b56dab0bcb7e7f831afb36198401d0320987248e2d90237a8882c7835a371d81c1bbb3bb0eba6219256ea251ba0c36a05241f86f42e7aa76b557e9c2651

Download Submit
C:\Program Files (x86)\Ouycqd Uqaknxna\Explorer.exe

Filesize
9.8MB

MD5
4dd0ee9ad383ac9722e1cc0487423ef7

SHA1
8300bcef8bd4d26c65a7e98ecd76bfb1eba94d09

SHA256
ea6d9e488dd69beaa470ccbf4c369f87b979da89cf32736ff671c4152f49cbc3

SHA512
c3e45e0270b728a93dc1aaae31e0c2d8763da84317232a202a668210f8b2fde00fea0347743e9eee53c97095c4262f0be17cc715c70e1691d7ac0a25d1476e4b

Download Submit
C:\Program Files (x86)\Ouycqd Uqaknxna\Explorer.exe

Filesize
9.8MB

MD5
4dd0ee9ad383ac9722e1cc0487423ef7

SHA1
8300bcef8bd4d26c65a7e98ecd76bfb1eba94d09

SHA256
ea6d9e488dd69beaa470ccbf4c369f87b979da89cf32736ff671c4152f49cbc3

SHA512
c3e45e0270b728a93dc1aaae31e0c2d8763da84317232a202a668210f8b2fde00fea0347743e9eee53c97095c4262f0be17cc715c70e1691d7ac0a25d1476e4b

Download Submit
\Program Files (x86)\Ouycqd Uqaknxna\Explorer.exe

Filesize
9.8MB

MD5
4dd0ee9ad383ac9722e1cc0487423ef7

SHA1
8300bcef8bd4d26c65a7e98ecd76bfb1eba94d09

SHA256
ea6d9e488dd69beaa470ccbf4c369f87b979da89cf32736ff671c4152f49cbc3

SHA512
c3e45e0270b728a93dc1aaae31e0c2d8763da84317232a202a668210f8b2fde00fea0347743e9eee53c97095c4262f0be17cc715c70e1691d7ac0a25d1476e4b

Download Submit
memory/556-54-0x0000000074FD1000-0x0000000074FD3000-memory.dmp

Filesize
8KB

Download
memory/1544-63-0x0000000074231000-0x0000000074233000-memory.dmp

Filesize
8KB

Download