8fb7dd4012ce5353c4931eff61bd18c743bc90f363b45c1245888befae8a46c9

Analysis

max time kernel
117s
max time network
129s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
16/08/2023, 04:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8fb7dd4012ce5353c4931eff61bd18c743bc90f363b45c1245888befae8a46c9.exe
Size

14.7MB
MD5

59222ac0f46dc4a51f12cbabe9974f17
SHA1

4978c08b4299df651d7a191cce50831f0bc72e88
SHA256

8fb7dd4012ce5353c4931eff61bd18c743bc90f363b45c1245888befae8a46c9
SHA512

bc32d57d169115e9c537246c63df524cdb4cc0638a97f49b20f59adc734021428b14394561d5c29e9b815ad231f6cf0ba0d4d3dacf25ecbb00db1009f98b75c8
SSDEEP

98304:YiiRTjwKlg3LkPXHOMz360kXy7FVURChEjEFNjrA/yZnB:sgeXHOyFAtjEH3A/8nB

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1644	frpc_240.exe

Loads dropped DLL 2 IoCs

pid	Process
2508	cmd.exe
2508	cmd.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2268	8fb7dd4012ce5353c4931eff61bd18c743bc90f363b45c1245888befae8a46c9.exe
1644	frpc_240.exe
1644	frpc_240.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2268	8fb7dd4012ce5353c4931eff61bd18c743bc90f363b45c1245888befae8a46c9.exe
2268	8fb7dd4012ce5353c4931eff61bd18c743bc90f363b45c1245888befae8a46c9.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2508	2268	8fb7dd4012ce5353c4931eff61bd18c743bc90f363b45c1245888befae8a46c9.exe	28
PID 2268 wrote to memory of 2508	2268	8fb7dd4012ce5353c4931eff61bd18c743bc90f363b45c1245888befae8a46c9.exe	28
PID 2268 wrote to memory of 2508	2268	8fb7dd4012ce5353c4931eff61bd18c743bc90f363b45c1245888befae8a46c9.exe	28
PID 2268 wrote to memory of 2508	2268	8fb7dd4012ce5353c4931eff61bd18c743bc90f363b45c1245888befae8a46c9.exe	28
PID 2508 wrote to memory of 1644	2508	cmd.exe	31
PID 2508 wrote to memory of 1644	2508	cmd.exe	31
PID 2508 wrote to memory of 1644	2508	cmd.exe	31
PID 2508 wrote to memory of 1644	2508	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\8fb7dd4012ce5353c4931eff61bd18c743bc90f363b45c1245888befae8a46c9.exe
"C:\Users\Admin\AppData\Local\Temp\8fb7dd4012ce5353c4931eff61bd18c743bc90f363b45c1245888befae8a46c9.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2508
- - C:\Users\Admin\AppData\Local\Temp\frpc_240.exe
    C:\Users\Admin\AppData\Local\Temp\frpc_240.exe -c C:\Users\Admin\AppData\Local\Temp\frpc.ini
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\frpc.ini

Filesize
165B

MD5
41bda2e1a2389858b80419e4b65928ee

SHA1
8e03332a92d9f7be04fed9ed87fb10b363167539

SHA256
0d9bcba1518235afae99fbebc2df48ca376748c942d7cfea4741f95669349182

SHA512
e8bcb4164125dda94befe7c7a91928791a4873870e0f2bda7a28bf9ffe2f073705cc899c937d528a70902557142d9aebe6ec377d83520ed6c97b8d368e456e12

Download Submit
C:\Users\Admin\AppData\Local\Temp\frpc_240.exe

Filesize
13.9MB

MD5
43b5f2c31268b0269b8f7c129354ac27

SHA1
ee6515013ff0df3ab676a735ab115480d0439f44

SHA256
3ffe3b1a774b7d26429dbad1baf930dc30d1cb66ca69209b2e792226e33bd466

SHA512
bebd5622e42a46514bc6e0d2d93daa43cb2d3be3d53ffc70d6d40954d054d00834b5088c70b724352eac44ac750ad8957f66a6be11891cd607fcaf88dd8cbb8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\frpc_240.exe

Filesize
13.9MB

MD5
43b5f2c31268b0269b8f7c129354ac27

SHA1
ee6515013ff0df3ab676a735ab115480d0439f44

SHA256
3ffe3b1a774b7d26429dbad1baf930dc30d1cb66ca69209b2e792226e33bd466

SHA512
bebd5622e42a46514bc6e0d2d93daa43cb2d3be3d53ffc70d6d40954d054d00834b5088c70b724352eac44ac750ad8957f66a6be11891cd607fcaf88dd8cbb8c

Download Submit
\Users\Admin\AppData\Local\Temp\frpc_240.exe

Filesize
13.9MB

MD5
43b5f2c31268b0269b8f7c129354ac27

SHA1
ee6515013ff0df3ab676a735ab115480d0439f44

SHA256
3ffe3b1a774b7d26429dbad1baf930dc30d1cb66ca69209b2e792226e33bd466

SHA512
bebd5622e42a46514bc6e0d2d93daa43cb2d3be3d53ffc70d6d40954d054d00834b5088c70b724352eac44ac750ad8957f66a6be11891cd607fcaf88dd8cbb8c

Download Submit
\Users\Admin\AppData\Local\Temp\frpc_240.exe

Filesize
13.9MB

MD5
43b5f2c31268b0269b8f7c129354ac27

SHA1
ee6515013ff0df3ab676a735ab115480d0439f44

SHA256
3ffe3b1a774b7d26429dbad1baf930dc30d1cb66ca69209b2e792226e33bd466

SHA512
bebd5622e42a46514bc6e0d2d93daa43cb2d3be3d53ffc70d6d40954d054d00834b5088c70b724352eac44ac750ad8957f66a6be11891cd607fcaf88dd8cbb8c

Download Submit