eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3

Analysis

max time kernel
22s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 07:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3.exe
Size

21KB
MD5

e219a3e74262b0c95c065dc23708ecf2
SHA1

5327e728231f20b03fd87a82cd802e2fe9427f62
SHA256

eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3
SHA512

f26e31f8f38092309f4dc473ff16f8d762b10853df4d15cd464b90461072e43e110c6a42fcc78b3fe53ab7848312fba8035aba0dea897f2bf6e271f39940a636
SSDEEP

384:/2FZ2vDhh49IjhZYEYlR3vM+Ug5cy8u8e7mHclW2lpIT+Kpk+IOczdYbl0:+FZ29hQIl+t3vM+Ug5xh3mgWBTeHLWe

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1772	servet.exe

Deletes itself 1 IoCs

pid	Process
1104	cmd.exe

Loads dropped DLL 2 IoCs

pid	Process
1460	eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3.exe
1460	eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\servet.exe	eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3.exe
File opened for modification	C:\Windows\SysWOW64\servet.exe	eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3.exe
File opened for modification	C:\Windows\SysWOW64\servet.exe	servet.exe
File created	C:\Windows\SysWOW64\Deleteme.bat	eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 1772	1460	eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3.exe	28
PID 1460 wrote to memory of 1772	1460	eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3.exe	28
PID 1460 wrote to memory of 1772	1460	eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3.exe	28
PID 1460 wrote to memory of 1772	1460	eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3.exe	28
PID 1460 wrote to memory of 1104	1460	eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3.exe	29
PID 1460 wrote to memory of 1104	1460	eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3.exe	29
PID 1460 wrote to memory of 1104	1460	eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3.exe	29
PID 1460 wrote to memory of 1104	1460	eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3.exe	29

C:\Users\Admin\AppData\Local\Temp\eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3.exe
"C:\Users\Admin\AppData\Local\Temp\eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Windows\SysWOW64\servet.exe
  C:\Windows\system32\servet.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:1772
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\system32\Deleteme.bat
  2⤵
  - Deletes itself
  PID:1104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Deleteme.bat

Filesize
248B

MD5
bf8f58a75b2b078d2b37fcfdf4cba178

SHA1
37cd3046a8d23a6a2712a9dc1044a970d17cdc55

SHA256
e32000c4509ed6e846115750fca990173c4e60dfaf40607e3254d4950e7882eb

SHA512
055ee70f259023a26f364ff88bb91068bacdd954b9081a4d39eb263f95783044a3925dbbe234e483c4473eef03b1e35b6745851e595cf4f894069ae565a5296b

Download Submit
C:\Windows\SysWOW64\servet.exe

Filesize
21KB

MD5
e219a3e74262b0c95c065dc23708ecf2

SHA1
5327e728231f20b03fd87a82cd802e2fe9427f62

SHA256
eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3

SHA512
f26e31f8f38092309f4dc473ff16f8d762b10853df4d15cd464b90461072e43e110c6a42fcc78b3fe53ab7848312fba8035aba0dea897f2bf6e271f39940a636

Download Submit
C:\Windows\SysWOW64\servet.exe

Filesize
21KB

MD5
e219a3e74262b0c95c065dc23708ecf2

SHA1
5327e728231f20b03fd87a82cd802e2fe9427f62

SHA256
eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3

SHA512
f26e31f8f38092309f4dc473ff16f8d762b10853df4d15cd464b90461072e43e110c6a42fcc78b3fe53ab7848312fba8035aba0dea897f2bf6e271f39940a636

Download Submit
\Windows\SysWOW64\servet.exe

Filesize
21KB

MD5
e219a3e74262b0c95c065dc23708ecf2

SHA1
5327e728231f20b03fd87a82cd802e2fe9427f62

SHA256
eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3

SHA512
f26e31f8f38092309f4dc473ff16f8d762b10853df4d15cd464b90461072e43e110c6a42fcc78b3fe53ab7848312fba8035aba0dea897f2bf6e271f39940a636

Download Submit
\Windows\SysWOW64\servet.exe

Filesize
21KB

MD5
e219a3e74262b0c95c065dc23708ecf2

SHA1
5327e728231f20b03fd87a82cd802e2fe9427f62

SHA256
eb8eac8e1df3e51cf48ec96b8f3bad6b143662f588b09570bb8c35ea81267af3

SHA512
f26e31f8f38092309f4dc473ff16f8d762b10853df4d15cd464b90461072e43e110c6a42fcc78b3fe53ab7848312fba8035aba0dea897f2bf6e271f39940a636

Download Submit
memory/1460-54-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/1460-55-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/1460-64-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/1772-60-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/1772-62-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads