Overview

overview

8

Static

static

1

ECEC21BC45...C9.exe

windows7-x64

8

ECEC21BC45...C9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-03-2023 16:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ECEC21BC458DA2A9F57365C6B937A4C9.exe

  • Size

    1.8MB

  • MD5

    ecec21bc458da2a9f57365c6b937a4c9

  • SHA1

    755ef702c8b7da9312f696788f333292a51f2d48

  • SHA256

    563b8804db86f842d0cd46ff0129a877271e8145f2bbc8eca6ba6106f7a0afd9

  • SHA512

    65bd4598ff7c9afb809eee70a4250e5dafbacbb624ffcc8534d2127c837e8ac9c70fbedbb1cbd90d95b33c469dea2eb0183d3fb57e5e0d966e2972d7243586aa

  • SSDEEP

    49152:5akK7v1gAdM+m+s2jkeMci3ZbfC5S+mti1N7048oBbdTuCg353u9TDam:Q57vqFEsEMci3ZbfCB1N70yu/A93

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ECEC21BC458DA2A9F57365C6B937A4C9.exe
    "C:\Users\Admin\AppData\Local\Temp\ECEC21BC458DA2A9F57365C6B937A4C9.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Users\Admin\AppData\Local\Temp\is-0R6H6.tmp\ECEC21BC458DA2A9F57365C6B937A4C9.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-0R6H6.tmp\ECEC21BC458DA2A9F57365C6B937A4C9.tmp" /SL5="$601CA,1643523,54272,C:\Users\Admin\AppData\Local\Temp\ECEC21BC458DA2A9F57365C6B937A4C9.exe"
      2⤵
      • Executes dropped EXE
      PID:4640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-0R6H6.tmp\ECEC21BC458DA2A9F57365C6B937A4C9.tmp
    Filesize

    687KB

    MD5

    8f144bcbcad0417e7823dd8e60218530

    SHA1

    9df092a764b8ad278ed574f00d1c065683eef6ac

    SHA256

    39dfa032878743bba8244c73173c263e669131f0084a38f22c52b1383f627ba0

    SHA512

    e093f69030fee17d8b55bde8337d409e8dfb583c97a81ed37425fb72122318d4c1f996d0d1bca28f24182ff5c8afe2be25eadc27951463ddca5c0abceca2a72d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\is-0R6H6.tmp\ECEC21BC458DA2A9F57365C6B937A4C9.tmp
    Filesize

    687KB

    MD5

    8f144bcbcad0417e7823dd8e60218530

    SHA1

    9df092a764b8ad278ed574f00d1c065683eef6ac

    SHA256

    39dfa032878743bba8244c73173c263e669131f0084a38f22c52b1383f627ba0

    SHA512

    e093f69030fee17d8b55bde8337d409e8dfb583c97a81ed37425fb72122318d4c1f996d0d1bca28f24182ff5c8afe2be25eadc27951463ddca5c0abceca2a72d

    Download Submit
  • memory/3008-133-0x0000000000400000-0x0000000000414000-memory.dmp
    Filesize

    80KB

    Download
  • memory/3008-145-0x0000000000400000-0x0000000000414000-memory.dmp
    Filesize

    80KB

    Download
  • memory/4640-144-0x0000000002230000-0x0000000002231000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4640-146-0x0000000000400000-0x00000000004BC000-memory.dmp
    Filesize

    752KB

    Download