Overview

overview

7

Static

static

3

fc5af636f5...69.exe

windows7-x64

7

fc5af636f5...69.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    21/08/2023, 06:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    fc5af636f5cf9f8627a36a03e858e60e2eb1c38b4c900e3cb3140c27389b4269.exe

  • Size

    14.0MB

  • MD5

    6140c437d0f60a4f4173a001aabbc583

  • SHA1

    7795d7481405f1585fc31f52d91ffaafbf202c40

  • SHA256

    fc5af636f5cf9f8627a36a03e858e60e2eb1c38b4c900e3cb3140c27389b4269

  • SHA512

    9a9d18784902f6c514201bafe3340876ebd37419783563c9b48dfb40c0bbb57e9b3e9b5785dc20d5e7decfe22ed8fb9b5f369d11832b0958d8305a0951f6f6b6

  • SSDEEP

    196608:drBVOFQVjsOTSpx/fKxE6mCsj3GhMpSeA6jqGMbfMK6eK3tx+8AMkk5aZ:xrkgx9mDjzWGYMK6XLlAMk6c

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fc5af636f5cf9f8627a36a03e858e60e2eb1c38b4c900e3cb3140c27389b4269.exe
    "C:\Users\Admin\AppData\Local\Temp\fc5af636f5cf9f8627a36a03e858e60e2eb1c38b4c900e3cb3140c27389b4269.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2392
    • C:\Users\Admin\AppData\Local\Temp\is-BKD35.tmp\fc5af636f5cf9f8627a36a03e858e60e2eb1c38b4c900e3cb3140c27389b4269.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-BKD35.tmp\fc5af636f5cf9f8627a36a03e858e60e2eb1c38b4c900e3cb3140c27389b4269.tmp" /SL5="$80120,13760596,855552,C:\Users\Admin\AppData\Local\Temp\fc5af636f5cf9f8627a36a03e858e60e2eb1c38b4c900e3cb3140c27389b4269.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2576

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-BKD35.tmp\fc5af636f5cf9f8627a36a03e858e60e2eb1c38b4c900e3cb3140c27389b4269.tmp
          Filesize

          3.0MB

          MD5

          533daf3daae0ef9a99398c080b2030ca

          SHA1

          ceabea3c6bab9d8703dbd21a34b3657bd2a7a8f2

          SHA256

          3a20a1ddd32722defd6d2afeae56749a2e3ce31a2bffe653a2d8db744c53998c

          SHA512

          813fb79d4e54cc67a25c9f67a9c0c6d56d64b1b4a49ed32c9df2a8fe51eac2bf93e26bff28e179097204135295df4f9dce4d374630b25e60ffc39fc57e7b3a1e

          Download Submit

        • \Users\Admin\AppData\Local\Temp\is-BKD35.tmp\fc5af636f5cf9f8627a36a03e858e60e2eb1c38b4c900e3cb3140c27389b4269.tmp
          Filesize

          3.0MB

          MD5

          533daf3daae0ef9a99398c080b2030ca

          SHA1

          ceabea3c6bab9d8703dbd21a34b3657bd2a7a8f2

          SHA256

          3a20a1ddd32722defd6d2afeae56749a2e3ce31a2bffe653a2d8db744c53998c

          SHA512

          813fb79d4e54cc67a25c9f67a9c0c6d56d64b1b4a49ed32c9df2a8fe51eac2bf93e26bff28e179097204135295df4f9dce4d374630b25e60ffc39fc57e7b3a1e

          Download Submit

        • memory/2392-54-0x0000000000400000-0x00000000004DE000-memory.dmp

          Filesize

          888KB

          Download

        • memory/2392-63-0x0000000000400000-0x00000000004DE000-memory.dmp

          Filesize

          888KB

          Download

        • memory/2576-61-0x0000000000250000-0x0000000000251000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2576-64-0x0000000000400000-0x0000000000718000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/2576-65-0x0000000000250000-0x0000000000251000-memory.dmp

          Filesize

          4KB

          Download