bc1462975dc1047acace72d40dc87b3baca7c2a3bf71d5f54ecaafb1bf924161

Resubmissions

28/01/2023, 20:13

230128-yzjr1shf2x 10

12/01/2023, 16:07

230112-tk5zgsgf39 10

Analysis

max time kernel
54s
max time network
60s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
12/01/2023, 16:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

windows-kb890830-x64-v5.98_b56cfec6692828d2b240b0978e09fa22ddf23994.exe
Size

42.2MB
MD5

e4b46649d3a062a562e5c8ce5729bdd7
SHA1

b56cfec6692828d2b240b0978e09fa22ddf23994
SHA256

bc1462975dc1047acace72d40dc87b3baca7c2a3bf71d5f54ecaafb1bf924161
SHA512

ffd062af7bab46dcee293f1fe20bff9d677f9593595e34a3e3cf5b2b79bef0283b775adea7fbddefdb020a73e68b7a143df871328231af0600fe0bc1bde6d68c
SSDEEP

786432:IMXrrRLIxJpnkivyTFHltPOTT2WFbK3xXTHqFnnOOFd:IgXIpkPHltPOTTNUxXuFnf

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1088	MRT.exe
1344	Process not Found

Loads dropped DLL 4 IoCs

pid	Process
1972	windows-kb890830-x64-v5.98_b56cfec6692828d2b240b0978e09fa22ddf23994.exe
1972	windows-kb890830-x64-v5.98_b56cfec6692828d2b240b0978e09fa22ddf23994.exe
1088	MRT.exe
1344	Process not Found

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\MRT.exe	windows-kb890830-x64-v5.98_b56cfec6692828d2b240b0978e09fa22ddf23994.exe
File created	C:\Windows\system32\MRT.exe	windows-kb890830-x64-v5.98_b56cfec6692828d2b240b0978e09fa22ddf23994.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\mrt.log	MRT.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1972	windows-kb890830-x64-v5.98_b56cfec6692828d2b240b0978e09fa22ddf23994.exe
1088	MRT.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 1088	1972	windows-kb890830-x64-v5.98_b56cfec6692828d2b240b0978e09fa22ddf23994.exe	27
PID 1972 wrote to memory of 1088	1972	windows-kb890830-x64-v5.98_b56cfec6692828d2b240b0978e09fa22ddf23994.exe	27
PID 1972 wrote to memory of 1088	1972	windows-kb890830-x64-v5.98_b56cfec6692828d2b240b0978e09fa22ddf23994.exe	27

C:\Users\Admin\AppData\Local\Temp\windows-kb890830-x64-v5.98_b56cfec6692828d2b240b0978e09fa22ddf23994.exe
"C:\Users\Admin\AppData\Local\Temp\windows-kb890830-x64-v5.98_b56cfec6692828d2b240b0978e09fa22ddf23994.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\system32\MRT.exe
  "C:\Windows\system32\MRT.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\MRT.exe

Filesize
142.7MB

MD5
01bb6618647c7afc1742fe82c1072b30

SHA1
a04811aa6ffb5a317d240ea7b60fa5f0373b64e5

SHA256
a57cc270a953c7a04c7a5a8efa38166cbe0b8616378f8e807c41839add44fe19

SHA512
00203b6f8544595d07c8945e288b37538ca7ababf191d73a46c1b3d55b42c16f1795cb390ee48c5f80b0955d83cb6fd8c598d5445f3434964faad62d801f597e

Download Submit
C:\Windows\system32\MRT.exe

Filesize
142.7MB

MD5
01bb6618647c7afc1742fe82c1072b30

SHA1
a04811aa6ffb5a317d240ea7b60fa5f0373b64e5

SHA256
a57cc270a953c7a04c7a5a8efa38166cbe0b8616378f8e807c41839add44fe19

SHA512
00203b6f8544595d07c8945e288b37538ca7ababf191d73a46c1b3d55b42c16f1795cb390ee48c5f80b0955d83cb6fd8c598d5445f3434964faad62d801f597e

Download Submit
\Windows\System32\MRT.exe

Filesize
142.7MB

MD5
01bb6618647c7afc1742fe82c1072b30

SHA1
a04811aa6ffb5a317d240ea7b60fa5f0373b64e5

SHA256
a57cc270a953c7a04c7a5a8efa38166cbe0b8616378f8e807c41839add44fe19

SHA512
00203b6f8544595d07c8945e288b37538ca7ababf191d73a46c1b3d55b42c16f1795cb390ee48c5f80b0955d83cb6fd8c598d5445f3434964faad62d801f597e

Download Submit
\Windows\System32\MRT.exe

Filesize
142.7MB

MD5
01bb6618647c7afc1742fe82c1072b30

SHA1
a04811aa6ffb5a317d240ea7b60fa5f0373b64e5

SHA256
a57cc270a953c7a04c7a5a8efa38166cbe0b8616378f8e807c41839add44fe19

SHA512
00203b6f8544595d07c8945e288b37538ca7ababf191d73a46c1b3d55b42c16f1795cb390ee48c5f80b0955d83cb6fd8c598d5445f3434964faad62d801f597e

Download Submit
\Windows\System32\MRT.exe

Filesize
142.7MB

MD5
01bb6618647c7afc1742fe82c1072b30

SHA1
a04811aa6ffb5a317d240ea7b60fa5f0373b64e5

SHA256
a57cc270a953c7a04c7a5a8efa38166cbe0b8616378f8e807c41839add44fe19

SHA512
00203b6f8544595d07c8945e288b37538ca7ababf191d73a46c1b3d55b42c16f1795cb390ee48c5f80b0955d83cb6fd8c598d5445f3434964faad62d801f597e

Download Submit
\Windows\System32\MRT.exe

Filesize
142.7MB

MD5
01bb6618647c7afc1742fe82c1072b30

SHA1
a04811aa6ffb5a317d240ea7b60fa5f0373b64e5

SHA256
a57cc270a953c7a04c7a5a8efa38166cbe0b8616378f8e807c41839add44fe19

SHA512
00203b6f8544595d07c8945e288b37538ca7ababf191d73a46c1b3d55b42c16f1795cb390ee48c5f80b0955d83cb6fd8c598d5445f3434964faad62d801f597e

Download Submit
\Windows\Temp\92A1C69D-FDE2-BC43-7283-33A7E1B03B7B\MPGEAR.DLL

Filesize
607KB

MD5
a0c4ac6378ce0313955dccfd2d9208a6

SHA1
7ee2f0f3bf4504f4f7bbc63cb5fa883711c13801

SHA256
abbe3285c58c830314f9f0ad2ddc769139c0d808e27893290adc69a535b996b1

SHA512
72ea9f0d7399fa5d6865f3f887ffa07098b883b1428b33dcb552a40bb22ca6a461a546736667ca1aa97e5f06dffd10dab765c7f6e3e827dd0335b562b27d2fb5

Download Submit
memory/1088-58-0x000007FEFBEE1000-0x000007FEFBEE3000-memory.dmp

Filesize
8KB

Download