33000a25501539092df18b432b017580cd7773103d2cf8a6cb5b3777856a464f

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25/12/2022, 01:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

33000a25501539092df18b432b017580cd7773103d2cf8a6cb5b3777856a464f.exe
Size

2.2MB
MD5

f40e4b80281562b77eda1418b3bc2de6
SHA1

84209d1a1d753e6d1fc22a3f7f91a4e8d8bdeb18
SHA256

33000a25501539092df18b432b017580cd7773103d2cf8a6cb5b3777856a464f
SHA512

fb5bdc149321f4ab88e1aeda29475312682ee1628413e2e2085f38bf087c7733e02ca52ec27ad59ee2c485d77c405227fda5d8175c8eba1c6f8982656607fb9b
SSDEEP

49152:JhGEwDNISfuIEyWjnZtC+znc1RPTpR+mHWa5mvmE:JhDwxNRi+bRLbTHWamm

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1584	StpFAE3_TMP.EXE

Loads dropped DLL 2 IoCs

pid	Process
752	33000a25501539092df18b432b017580cd7773103d2cf8a6cb5b3777856a464f.exe
752	33000a25501539092df18b432b017580cd7773103d2cf8a6cb5b3777856a464f.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1584	StpFAE3_TMP.EXE
1584	StpFAE3_TMP.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 752 wrote to memory of 1584	752	33000a25501539092df18b432b017580cd7773103d2cf8a6cb5b3777856a464f.exe	28
PID 752 wrote to memory of 1584	752	33000a25501539092df18b432b017580cd7773103d2cf8a6cb5b3777856a464f.exe	28
PID 752 wrote to memory of 1584	752	33000a25501539092df18b432b017580cd7773103d2cf8a6cb5b3777856a464f.exe	28
PID 752 wrote to memory of 1584	752	33000a25501539092df18b432b017580cd7773103d2cf8a6cb5b3777856a464f.exe	28

C:\Users\Admin\AppData\Local\Temp\33000a25501539092df18b432b017580cd7773103d2cf8a6cb5b3777856a464f.exe
"C:\Users\Admin\AppData\Local\Temp\33000a25501539092df18b432b017580cd7773103d2cf8a6cb5b3777856a464f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:752
- C:\Users\Admin\AppData\Local\Temp\StpFAE3_TMP.EXE
  "C:\Users\Admin\AppData\Local\Temp\StpFAE3_TMP.EXE"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\StpFAE3_TMP.EXE

Filesize
2.2MB

MD5
eabe4f494814359002843e4f1f912135

SHA1
53339d865037f0784bbcff1c4f4fde6e39d156db

SHA256
65870d47b4f6b5bd0c8a9948e4cf0e2e8b92d5b53454fa7834a1738292473cac

SHA512
eed6e2ee7c0daa5b1f6b713c6d15b75b0a8eb08e229c44a02c92215a8666cdb19b985b802df924106a6f2492e6db94ca64de78e8d1d77b922f7ddde6532d7785

Download Submit
C:\Users\Admin\AppData\Local\Temp\StpFAE3_TMP.EXE

Filesize
2.2MB

MD5
eabe4f494814359002843e4f1f912135

SHA1
53339d865037f0784bbcff1c4f4fde6e39d156db

SHA256
65870d47b4f6b5bd0c8a9948e4cf0e2e8b92d5b53454fa7834a1738292473cac

SHA512
eed6e2ee7c0daa5b1f6b713c6d15b75b0a8eb08e229c44a02c92215a8666cdb19b985b802df924106a6f2492e6db94ca64de78e8d1d77b922f7ddde6532d7785

Download Submit
\Users\Admin\AppData\Local\Temp\StpFAE3_TMP.EXE

Filesize
2.2MB

MD5
eabe4f494814359002843e4f1f912135

SHA1
53339d865037f0784bbcff1c4f4fde6e39d156db

SHA256
65870d47b4f6b5bd0c8a9948e4cf0e2e8b92d5b53454fa7834a1738292473cac

SHA512
eed6e2ee7c0daa5b1f6b713c6d15b75b0a8eb08e229c44a02c92215a8666cdb19b985b802df924106a6f2492e6db94ca64de78e8d1d77b922f7ddde6532d7785

Download Submit
\Users\Admin\AppData\Local\Temp\StpFAE3_TMP.EXE

Filesize
2.2MB

MD5
eabe4f494814359002843e4f1f912135

SHA1
53339d865037f0784bbcff1c4f4fde6e39d156db

SHA256
65870d47b4f6b5bd0c8a9948e4cf0e2e8b92d5b53454fa7834a1738292473cac

SHA512
eed6e2ee7c0daa5b1f6b713c6d15b75b0a8eb08e229c44a02c92215a8666cdb19b985b802df924106a6f2492e6db94ca64de78e8d1d77b922f7ddde6532d7785

Download Submit
memory/1584-58-0x0000000075241000-0x0000000075243000-memory.dmp

Filesize
8KB

Download