Overview

overview

8

Static

static

edrawmax.exe

windows7-x64

8

edrawmax.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    91s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/12/2022, 23:13

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    edrawmax.exe

  • Size

    76.7MB

  • MD5

    424ae6a1cbc78cb0f81380eaf75f6a00

  • SHA1

    33772dd3170ff5ee4f2be1cd9eee82836aceb594

  • SHA256

    e4b73e23cf600d4fee331e7300d86a8faa1a945751ad8646792d76cfe9bb4f37

  • SHA512

    5704d24286df84c06b6c492fa256f28ef0a9d4d2a339c13566bbde3c2950b1e33e11e40471cd7c7f57d4453d32959ba2b2d97b46ef2098be691d14d3e55e8f6e

  • SSDEEP

    1572864:XCm67nYuItrprOEQOoEXJi6SJENV7qz7xZPZt2K2liIVObDBgeZxx3VQQoNv58sz:mnRIrIErEuVcFjt2d1wnBgI1VQQoNvOu

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\edrawmax.exe
    "C:\Users\Admin\AppData\Local\Temp\edrawmax.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:372
    • C:\Users\Admin\AppData\Local\Temp\is-1287U.tmp\edrawmax.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-1287U.tmp\edrawmax.tmp" /SL5="$60090,79961065,129536,C:\Users\Admin\AppData\Local\Temp\edrawmax.exe"
      2⤵
      • Executes dropped EXE
      PID:1780

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-1287U.tmp\edrawmax.tmp
          Filesize

          1.1MB

          MD5

          9ffcdcabde63d087ecc8368add047c18

          SHA1

          4f050e05dea58e22f8ce966483a330ab68fc2893

          SHA256

          430db47c54d1bd4aa944f533fb78a545e257d6dcfeab8da0ec9c2d50bf0577ea

          SHA512

          b0838fe22da39dd2b47fa5c8ebadb36be5ff121750f8bb66e45e51e130a103acbed375537fbb51b9bf0456a504e9a6fb678802e24e98ffe4166a3ad12d61d07d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\is-1287U.tmp\edrawmax.tmp
          Filesize

          1.1MB

          MD5

          9ffcdcabde63d087ecc8368add047c18

          SHA1

          4f050e05dea58e22f8ce966483a330ab68fc2893

          SHA256

          430db47c54d1bd4aa944f533fb78a545e257d6dcfeab8da0ec9c2d50bf0577ea

          SHA512

          b0838fe22da39dd2b47fa5c8ebadb36be5ff121750f8bb66e45e51e130a103acbed375537fbb51b9bf0456a504e9a6fb678802e24e98ffe4166a3ad12d61d07d

          Download Submit

        • memory/372-132-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

          Download

        • memory/372-137-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

          Download