Overview

overview

8

Static

static

c56ca67251...84.exe

windows7-x64

8

c56ca67251...84.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    91s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/12/2022, 13:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c56ca67251970674698333a43d619c8d656ead35fa19695977f9ac1073c25c84.exe

  • Size

    707KB

  • MD5

    0d61aeb5bba24affabeb5a3cb07ac5e6

  • SHA1

    8ce1803b15ef63d5d525b8f60a738a9f2b772775

  • SHA256

    c56ca67251970674698333a43d619c8d656ead35fa19695977f9ac1073c25c84

  • SHA512

    345cf2c0506954b89ece8e94c4c06bb65ab7fcc770a249e9cdf4452950d12b51a4007a588e9d91d9af02a37f5a12c43413eb65426e3c630d115986d52681014b

  • SSDEEP

    12288:g47scdTI2ImihFcGYwLS50tLTXC/gTn009X8fi3NWVSjEhId:Ds+4FDSCJXiglx8fi9WkjEhId

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c56ca67251970674698333a43d619c8d656ead35fa19695977f9ac1073c25c84.exe
    "C:\Users\Admin\AppData\Local\Temp\c56ca67251970674698333a43d619c8d656ead35fa19695977f9ac1073c25c84.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:5072
    • C:\Windows\SysWOW64\Adobe.exe
      C:\Windows\system32\
      2⤵
      • Executes dropped EXE
      PID:4180

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\Adobe.exe
          Filesize

          586KB

          MD5

          b2ebdcfbfe246875dfcfe345b68f7b07

          SHA1

          7e4a6c5f88f157d2e4e013f2c157af4f09218891

          SHA256

          2e3f110898b28abf2b3688831b85023bb7b8f2d3209e5fbdd9f4ef9a22d44c32

          SHA512

          8f0de7bab02678b27c00d80e817b5e05dd24c95030fbbe0456dac2a506edf62fce9a34f02a6c0d7a0095ee1b7e546306a738dec1169dfcfb4125f85678cf4be8

          Download Submit

        • C:\Windows\SysWOW64\Adobe.exe
          Filesize

          586KB

          MD5

          b2ebdcfbfe246875dfcfe345b68f7b07

          SHA1

          7e4a6c5f88f157d2e4e013f2c157af4f09218891

          SHA256

          2e3f110898b28abf2b3688831b85023bb7b8f2d3209e5fbdd9f4ef9a22d44c32

          SHA512

          8f0de7bab02678b27c00d80e817b5e05dd24c95030fbbe0456dac2a506edf62fce9a34f02a6c0d7a0095ee1b7e546306a738dec1169dfcfb4125f85678cf4be8

          Download Submit