Analysis
-
max time kernel
174s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system -
submitted
28/12/2023, 22:30
Static task
static1
Behavioral task
behavioral1
Sample
fcf0d36f350acc55dd76b8258c31eae1.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
fcf0d36f350acc55dd76b8258c31eae1.exe
Resource
win10v2004-20231215-en
General
-
Target
fcf0d36f350acc55dd76b8258c31eae1.exe
-
Size
967KB
-
MD5
fcf0d36f350acc55dd76b8258c31eae1
-
SHA1
b76604e033148c6a108624aa3b511480ee24988c
-
SHA256
73fefdfc634bee3576bb98cf11390bc2882497845b2bf63a4fae9844e83f01dc
-
SHA512
1cd2f828bcd46894393feaee56b8a90377856335f4315fd3d0c96db398a373e452b09385c29708ff1ca553155a3973dace03e0e750233fa6df2ace2b576649ca
-
SSDEEP
24576:82Q7NWUR6DUV7fovQchoiMkN0mSORLX+eLSC:lQMu6oVZ8Xp
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid / Process
2784 / rjmjmvww2 -
Drops file in Windows directory 1 IoCs
description / ioc / Process
File created / C:\Windows\rjmjmvww2 / fcf0d36f350acc55dd76b8258c31eae1.exe -
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
description / ioc / Process
Key opened / \REGISTRY\MACHINE\hardware\DESCRIPTION\System\CentralProcessor\0 / fcf0d36f350acc55dd76b8258c31eae1.exe
Key value queried / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier / fcf0d36f350acc55dd76b8258c31eae1.exe
Key opened / \REGISTRY\MACHINE\hardware\DESCRIPTION\System\CentralProcessor\0 / rjmjmvww2
Key value queried / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier / rjmjmvww2 -
Suspicious use of WriteProcessMemory 4 IoCs
description / pid / Process / procid_target
PID 2712 wrote to memory of 2784 / 2712 / fcf0d36f350acc55dd76b8258c31eae1.exe / 29
PID 2712 wrote to memory of 2784 / 2712 / fcf0d36f350acc55dd76b8258c31eae1.exe / 29
PID 2712 wrote to memory of 2784 / 2712 / fcf0d36f350acc55dd76b8258c31eae1.exe / 29
PID 2712 wrote to memory of 2784 / 2712 / fcf0d36f350acc55dd76b8258c31eae1.exe / 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\fcf0d36f350acc55dd76b8258c31eae1.exe
"C:\Users\Admin\AppData\Local\Temp\fcf0d36f350acc55dd76b8258c31eae1.exe"
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:2712 -
C:\Windows\rjmjmvww2
C:\Windows\rjmjmvww2
- Executes dropped EXE
- Checks processor information in registry
PID:2784
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
967KB
MD5
fcf0d36f350acc55dd76b8258c31eae1
SHA1
b76604e033148c6a108624aa3b511480ee24988c
SHA256
73fefdfc634bee3576bb98cf11390bc2882497845b2bf63a4fae9844e83f01dc
SHA512
1cd2f828bcd46894393feaee56b8a90377856335f4315fd3d0c96db398a373e452b09385c29708ff1ca553155a3973dace03e0e750233fa6df2ace2b576649ca