Overview

overview

4

Static

static

1

Spybot.exe

windows7-x64

4

Spybot.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    143s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-06-2023 12:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Spybot.exe

  • Size

    49.3MB

  • MD5

    c46099e1df46092ad8c761a07cf9f1a9

  • SHA1

    f9f89f5e6e5270c9ddd7f99e8812ea16b559cb61

  • SHA256

    3a4f6593091401ef96264e23f78ce4d6a94705d6eb6378da056703e87062a238

  • SHA512

    8619687d92cf9354fca81d3763c4fb8ee3c89a78b28b8fa0d3b5e3e93a91fb256f26ae86d8997a0c0f1ebdd3847421092b68cf0ac5b4942a413a55ff9b3f8b15

  • SSDEEP

    1572864:wAU4mMA+kDlk1s84sOUfcZ93bTA6xhHxkvb6:d31A84V4ec6xhHxA6

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Spybot.exe
    "C:\Users\Admin\AppData\Local\Temp\Spybot.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2576
    • C:\Users\Admin\AppData\Local\Temp\is-VE0JC.tmp\Spybot.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-VE0JC.tmp\Spybot.tmp" /SL5="$801CE,51186013,173056,C:\Users\Admin\AppData\Local\Temp\Spybot.exe"
      2⤵
      • Executes dropped EXE
      PID:1988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-VE0JC.tmp\Spybot.tmp
    Filesize

    1.2MB

    MD5

    7b1bb7fee81b0453d250e6660038586a

    SHA1

    f05bc1aa5b0cd29798cf001d5a84b8db5885b092

    SHA256

    167e107ed7e01c94da88bc27b64abc7bb6a3509188fbe547c1a76941e3ca2b31

    SHA512

    c80eb553dbac5a9efa0daa9f4d0318dafd079105966fa5a42a180747981407b388864a8043a90a2df36372571fa7984b0b3e77c959ca42ceadd3e96e0fd5c644

    Download Submit

  • memory/1988-138-0x0000000002190000-0x0000000002191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1988-142-0x0000000000400000-0x0000000000539000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1988-143-0x0000000002190000-0x0000000002191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2576-133-0x0000000000400000-0x0000000000434000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2576-141-0x0000000000400000-0x0000000000434000-memory.dmp

    Filesize

    208KB

    Download