Overview

overview

8

Static

static

a01dd6978a...9e.exe

windows7-x64

8

a01dd6978a...9e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    44s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    06-12-2022 18:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a01dd6978ac4fbc8d75525d99f666ac4320cd8d97b1999c22157e0f282d13b9e.exe

  • Size

    323KB

  • MD5

    884e059425047f2c3271a88e482e486f

  • SHA1

    a9003c333dacc6552949d7962c261841f0ca406c

  • SHA256

    a01dd6978ac4fbc8d75525d99f666ac4320cd8d97b1999c22157e0f282d13b9e

  • SHA512

    2875ef89d213195a740cbf5b8640bc92dceb5cfe86739d2111d324d583a929847f0f8fcd0d4fff84b6959b3cfeedfb769a8680670c3e0bd18c4ec118abd755e8

  • SSDEEP

    1536:u8rBDZgFLJzSLWTppiU5BnD8SlNDSzvHF5OaeCCVpguN4eSe+eooOoaoCoCo0oBR:5lZgFLGepiU5BAQ7

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a01dd6978ac4fbc8d75525d99f666ac4320cd8d97b1999c22157e0f282d13b9e.exe
    "C:\Users\Admin\AppData\Local\Temp\a01dd6978ac4fbc8d75525d99f666ac4320cd8d97b1999c22157e0f282d13b9e.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1492
    • C:\Windows\SysWOW64\wscript.exe
      /nologo C:\WINDOWS\zxcvv.vbs
      2⤵
        PID:1748
      • C:\Users\Admin\AppData\Local\Temp\Del31DB.tmp
        C:\Users\Admin\AppData\Local\Temp\Del31DB.tmp 156 "C:\Users\Admin\AppData\Local\Temp\a01dd6978ac4fbc8d75525d99f666ac4320cd8d97b1999c22157e0f282d13b9e.exe"
        2⤵
        • Executes dropped EXE
        • Deletes itself
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1360
        • C:\Windows\SysWOW64\wscript.exe
          /nologo C:\WINDOWS\zxcvv.vbs
          3⤵
            PID:296

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\Del31DB.tmp
        Filesize

        323KB

        MD5

        884e059425047f2c3271a88e482e486f

        SHA1

        a9003c333dacc6552949d7962c261841f0ca406c

        SHA256

        a01dd6978ac4fbc8d75525d99f666ac4320cd8d97b1999c22157e0f282d13b9e

        SHA512

        2875ef89d213195a740cbf5b8640bc92dceb5cfe86739d2111d324d583a929847f0f8fcd0d4fff84b6959b3cfeedfb769a8680670c3e0bd18c4ec118abd755e8

        Download Submit

      • C:\WINDOWS\zxcvv.vbs
        Filesize

        266KB

        MD5

        e54857b4590a2097ae9c67d700aa0366

        SHA1

        3afeac8582f22e5af9bf8fc6bb45f0c85357dac7

        SHA256

        79f7d1725133388d18b976f6e2fd89813d57aa6c809939f7c4526cf1e2e312ae

        SHA512

        04d0aef7adec0d2d7f674fbf577a2295098f06cd1b4e9b311d4f62fb6c5c4e592f7666c01ceefc9677fdde42f6dca4a6e3376152f7d7a7b9e0d77fc49f4f322d

        Download Submit

      • C:\WINDOWS\zxcvv.vbs
        Filesize

        266KB

        MD5

        e54857b4590a2097ae9c67d700aa0366

        SHA1

        3afeac8582f22e5af9bf8fc6bb45f0c85357dac7

        SHA256

        79f7d1725133388d18b976f6e2fd89813d57aa6c809939f7c4526cf1e2e312ae

        SHA512

        04d0aef7adec0d2d7f674fbf577a2295098f06cd1b4e9b311d4f62fb6c5c4e592f7666c01ceefc9677fdde42f6dca4a6e3376152f7d7a7b9e0d77fc49f4f322d

        Download Submit

      • memory/1492-54-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

        Filesize

        8KB

        Download