Analysis

  • max time kernel
    108s
  • max time network
    173s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-07-2023 22:39

General

  • Target

    CAN0601_FACT_URAPBBASFKMCVRZAVGbeqrq.exe

  • Size

    249.9MB

  • MD5

    df5bb837ff6623d2a234cee13da8e5d7

  • SHA1

    654f8bc4a5650501825794a5aa7ebe53369cf9c1

  • SHA256

    3536d3f8cbcf585445d364696c1a8644db128c2623131627049e74648f2f8f6c

  • SHA512

    edbabce30b2676736d3bba0ad3fec07b508a9f3e40f5d62e7ec288f9db0bbee5efcdee2dce1dc2af88ed8bc15e2c62d70fd20ce9a6d8576263c86fd5d617a122

  • SSDEEP

    98304:V+/dg75HmbOIvx1Ot67Aeq57P7nCpV3kyeQ6MyuFVFEKpdo0ESnrh1kcIh1uszge:V+UEA6MYV3k0Txno/5/Tz4m

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service (1 IoC)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious behavior: EnumeratesProcesses (22 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\CAN0601_FACT_URAPBBASFKMCVRZAVGbeqrq.exe
    "C:\Users\Admin\AppData\Local\Temp\CAN0601_FACT_URAPBBASFKMCVRZAVGbeqrq.exe"
    • Suspicious behavior: EnumeratesProcesses
    PID:4768

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4768-133-0x00000000123C0000-0x00000000123C1000-memory.dmp

    Filesize

    4KB

  • memory/4768-134-0x0000000000380000-0x0000000001380000-memory.dmp

    Filesize

    16.0MB

  • memory/4768-135-0x00000000123C0000-0x00000000123C1000-memory.dmp

    Filesize

    4KB

  • memory/4768-139-0x0000000000380000-0x0000000001380000-memory.dmp

    Filesize

    16.0MB

  • memory/4768-140-0x0000000000380000-0x0000000001380000-memory.dmp

    Filesize

    16.0MB