Overview

overview

8

Static

static

be304daae5...ae.exe

windows7-x64

8

be304daae5...ae.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    154s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/12/2022, 08:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    be304daae5ac76ff3971f3292149924a035581ad073fb24c18857535e0d036ae.exe

  • Size

    389KB

  • MD5

    2758a4e83ed3d4bb46e8530fbbca9ab5

  • SHA1

    fc51de7ac61fce726c3040653bd1f3ac717bf3ce

  • SHA256

    be304daae5ac76ff3971f3292149924a035581ad073fb24c18857535e0d036ae

  • SHA512

    f9fed7e0f2a1994d4e6f8408d5d1b87213351870f6c81f80c9146fccc53bbffc21357c2afa382b9b25be7ef8cc8947981d4b85adade79c67ce3ae777ddc060c0

  • SSDEEP

    12288:YLJPPY6rbDIJaKibTXblQc/971P8NtTird:YL5PY6rQ4/TXX9710TEd

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\be304daae5ac76ff3971f3292149924a035581ad073fb24c18857535e0d036ae.exe
    "C:\Users\Admin\AppData\Local\Temp\be304daae5ac76ff3971f3292149924a035581ad073fb24c18857535e0d036ae.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1608
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\Delete.bat
      2⤵
        PID:4992
    • C:\Windows111.exe
      C:\Windows111.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4228
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        2⤵
          PID:4964

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows111.exe
        Filesize

        389KB

        MD5

        2758a4e83ed3d4bb46e8530fbbca9ab5

        SHA1

        fc51de7ac61fce726c3040653bd1f3ac717bf3ce

        SHA256

        be304daae5ac76ff3971f3292149924a035581ad073fb24c18857535e0d036ae

        SHA512

        f9fed7e0f2a1994d4e6f8408d5d1b87213351870f6c81f80c9146fccc53bbffc21357c2afa382b9b25be7ef8cc8947981d4b85adade79c67ce3ae777ddc060c0

        Download Submit

      • C:\Windows111.exe
        Filesize

        389KB

        MD5

        2758a4e83ed3d4bb46e8530fbbca9ab5

        SHA1

        fc51de7ac61fce726c3040653bd1f3ac717bf3ce

        SHA256

        be304daae5ac76ff3971f3292149924a035581ad073fb24c18857535e0d036ae

        SHA512

        f9fed7e0f2a1994d4e6f8408d5d1b87213351870f6c81f80c9146fccc53bbffc21357c2afa382b9b25be7ef8cc8947981d4b85adade79c67ce3ae777ddc060c0

        Download Submit

      • C:\Windows\Delete.bat
        Filesize

        250B

        MD5

        0300319ea8195f578ed10b6273b27ce0

        SHA1

        ac7f1e98a09ff3af0b5c0110db2ac746cb8c20a2

        SHA256

        4d74174cb938d258dca3fd685da1927e95aed2f35784e6287226981c8b46fbad

        SHA512

        0beba81246a162ab01df710970ad4faad747756b515b4d585a8fd75b3f7c59a0ba068b224a34fa82a7459bc0da6d114d9af9462d1494f4bb0eb7d383463be6d4

        Download Submit

      • memory/1608-141-0x0000000000400000-0x000000000055C000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/1608-134-0x0000000002660000-0x000000000267D000-memory.dmp

        Filesize

        116KB

        Download

      • memory/1608-132-0x0000000000400000-0x000000000055C000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/1608-133-0x00000000007F0000-0x0000000000833000-memory.dmp

        Filesize

        268KB

        Download

      • memory/4228-137-0x0000000000400000-0x000000000055C000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/4228-139-0x00000000010C0000-0x00000000010DD000-memory.dmp

        Filesize

        116KB

        Download

      • memory/4228-138-0x00000000006C0000-0x0000000000703000-memory.dmp

        Filesize

        268KB

        Download

      • memory/4228-143-0x0000000000400000-0x000000000055C000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/4228-144-0x00000000010C0000-0x00000000010DD000-memory.dmp

        Filesize

        116KB

        Download