Overview

overview

10

Static

static

10

45d8ac1ac6...78.exe

windows7-x64

1

45d8ac1ac6...78.exe

windows10-2004-x64

1

541825cb65...19.exe

windows7-x64

1

541825cb65...19.exe

windows10-2004-x64

6

5b7ecf7e9d...9e.exe

windows7-x64

1

5b7ecf7e9d...9e.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    105s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-02-2023 07:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219.exe

  • Size

    6.3MB

  • MD5

    aa4e99b717bcb7e916148a469e69788a

  • SHA1

    42fc554d8442a78a48dc624d3de59ae4515eed6d

  • SHA256

    541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219

  • SHA512

    c6127eb47a24df060e8d81f95dd3fd4d0118b6fefbd38b25e6f23ac11f4ebdd0eecb61ddd79ef0cc9c4e52cdd36e823f99d5be389141f5ac9cead1b95d33f4ca

  • SSDEEP

    98304:knDGGNXjcnVUySYboN7jREuF26pv9cYqVismqW:WN6Uy5kNaULel

Score
6/10

Malware Config

Signatures

  • Drops desktop.ini file(s) 4 IoCs
  • Runs net.exe
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219.exe
    "C:\Users\Admin\AppData\Local\Temp\541825cb652606c2ea12fd25a842a8b3456d025841c3a7f563655ef77bb67219.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Suspicious use of WriteProcessMemory
    PID:3628
    • C:\Windows\system32\cmd.exe
      cmd /C "net use \\10.10.3.42\c$ 23AS32df21 /user:adm-karsair"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1176
      • C:\Windows\system32\net.exe
        net use \\10.10.3.42\c$ 23AS32df21 /user:adm-karsair
        3⤵
          PID:1244

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\Contacts\ZGVza3RvcC5pbmk=.h0lyenc
      Filesize

      512B

      MD5

      81ddaa9009fe5e770202dd42ff5266c7

      SHA1

      fbeed630d0da3ca9614e15a2da88efc159e66d01

      SHA256

      7ee6cf77f6513897e1843cc50559f2f5d34dddfacd4c81449dda75022690a99e

      SHA512

      a196ca4cbf5459deb23ff04bd9cf8bd2e5d1d3c963b027afed6733adec5e508ded8dd24cdd51fec1e7d14d2174f4bb7b4e04d787dc0f31438acbc10ef6dce8c3

      Download Submit

    • C:\Users\Admin\Documents\ZGVza3RvcC5pbmk=.h0lyenc
      Filesize

      512B

      MD5

      55fe25f74951ab3800f3f58920216dd9

      SHA1

      ebf6e06d7021f36c507581e0ce6f31be37214d48

      SHA256

      786b80954876bb81381d5a68c6ded7d01836731577045173eb15a9f2935506fe

      SHA512

      5627718f13f1be77bde5d88853904e93f0005d766ad84866401a58b545b47f534b014492a73ad8c9f4d4fe8b85de3be30769a68083a2758818f9ccdc14d816a5

      Download Submit