Overview

overview

8

Static

static

Activation.exe

windows7-x64

8

Activation.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    197s
  • max time network
    292s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    10-01-2023 01:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Activation.exe

  • Size

    25.1MB

  • MD5

    cf8d73314e5d92bf64e24d45ad2fb09a

  • SHA1

    d20bc93ae9be50c73195bad2279e82a67ebcb470

  • SHA256

    0bd0c21cd425cf48aa8545f90281bc626a34047b3e13587fe1d43ec566238375

  • SHA512

    019315b0d519d6d95e3dfac20dbd66513c84ecdc84b3602b13d4978c32bb2b2ab48d94a059301cb7085610710c0025146fcdcbe3a293fc5d869f79fb17e53332

  • SSDEEP

    786432:g0C8aOO3uDiKunlS6qAeFNW+jEymjgYP1Rdw:EROIStAFP1o

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Activation.exe
    "C:\Users\Admin\AppData\Local\Temp\Activation.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Users\Admin\AppData\Local\Temp\is-BPADR.tmp\Activation.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-BPADR.tmp\Activation.tmp" /SL5="$E006C,26026038,57344,C:\Users\Admin\AppData\Local\Temp\Activation.exe"
      2⤵
      • Executes dropped EXE
      PID:4872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-BPADR.tmp\Activation.tmp
    Filesize

    701KB

    MD5

    8f8926675f2f062bb1f1c314ee04705d

    SHA1

    3f4dee5428b7cb0d03cbdf3c3b799f2a2622ba40

    SHA256

    1a6975352d2c19c1d5f11bb5aee9d4e3b22741bce79bc4d83209ab47c23185ba

    SHA512

    c5fe956b0bfeda6b5a05b40e5e68b21e6ca5908ae486f8565faaeb122452cd0d28373f22f3446937e79ff0b62467829ac68afd13730b893dd540474dece272b1

    Download Submit

  • memory/2256-132-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2256-136-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2256-137-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download