Overview

overview

7

Static

static

3

8fb7dd4012...c9.exe

windows7-x64

7

8fb7dd4012...c9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    82s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/08/2023, 04:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8fb7dd4012ce5353c4931eff61bd18c743bc90f363b45c1245888befae8a46c9.exe

  • Size

    14.7MB

  • MD5

    59222ac0f46dc4a51f12cbabe9974f17

  • SHA1

    4978c08b4299df651d7a191cce50831f0bc72e88

  • SHA256

    8fb7dd4012ce5353c4931eff61bd18c743bc90f363b45c1245888befae8a46c9

  • SHA512

    bc32d57d169115e9c537246c63df524cdb4cc0638a97f49b20f59adc734021428b14394561d5c29e9b815ad231f6cf0ba0d4d3dacf25ecbb00db1009f98b75c8

  • SSDEEP

    98304:YiiRTjwKlg3LkPXHOMz360kXy7FVURChEjEFNjrA/yZnB:sgeXHOyFAtjEH3A/8nB

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8fb7dd4012ce5353c4931eff61bd18c743bc90f363b45c1245888befae8a46c9.exe
    "C:\Users\Admin\AppData\Local\Temp\8fb7dd4012ce5353c4931eff61bd18c743bc90f363b45c1245888befae8a46c9.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:716
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4080
      • C:\Users\Admin\AppData\Local\Temp\frpc_240.exe
        C:\Users\Admin\AppData\Local\Temp\frpc_240.exe -c C:\Users\Admin\AppData\Local\Temp\frpc.ini
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:4052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\frpc.ini
    Filesize

    165B

    MD5

    41bda2e1a2389858b80419e4b65928ee

    SHA1

    8e03332a92d9f7be04fed9ed87fb10b363167539

    SHA256

    0d9bcba1518235afae99fbebc2df48ca376748c942d7cfea4741f95669349182

    SHA512

    e8bcb4164125dda94befe7c7a91928791a4873870e0f2bda7a28bf9ffe2f073705cc899c937d528a70902557142d9aebe6ec377d83520ed6c97b8d368e456e12

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\frpc_240.exe
    Filesize

    13.9MB

    MD5

    43b5f2c31268b0269b8f7c129354ac27

    SHA1

    ee6515013ff0df3ab676a735ab115480d0439f44

    SHA256

    3ffe3b1a774b7d26429dbad1baf930dc30d1cb66ca69209b2e792226e33bd466

    SHA512

    bebd5622e42a46514bc6e0d2d93daa43cb2d3be3d53ffc70d6d40954d054d00834b5088c70b724352eac44ac750ad8957f66a6be11891cd607fcaf88dd8cbb8c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\frpc_240.exe
    Filesize

    13.9MB

    MD5

    43b5f2c31268b0269b8f7c129354ac27

    SHA1

    ee6515013ff0df3ab676a735ab115480d0439f44

    SHA256

    3ffe3b1a774b7d26429dbad1baf930dc30d1cb66ca69209b2e792226e33bd466

    SHA512

    bebd5622e42a46514bc6e0d2d93daa43cb2d3be3d53ffc70d6d40954d054d00834b5088c70b724352eac44ac750ad8957f66a6be11891cd607fcaf88dd8cbb8c

    Download Submit