Overview

overview

3

Static

static

3

fe42725344...89.exe

windows7-x64

1

fe42725344...89.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    0s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-12-2023 22:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe42725344cd6159ad1f16de673b3489.exe

  • Size

    42KB

  • MD5

    fe42725344cd6159ad1f16de673b3489

  • SHA1

    1233601b334aec0395286f90c2ecdf9791eda0d5

  • SHA256

    3c5064f604ce480fa5abc81e4ed7bf5aaaaa987d01a2086a5415bb66bb2d5eea

  • SHA512

    ba0f43569e17553dd914cdbe56eb1cbdf5216a7df2cc17ac56e07a3bb1ad0963c7a22b6fc9ad8b7b7c3565b00aaab6f5cd260a5974e54cc2e4641a829d7dec95

  • SSDEEP

    768:PddAox7lA6Ld8e8UAvzr360Nwik3v08zChm1mdzF93E:d7ldT8UALrKOJk3vhzXm5F93E

Score
3/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe42725344cd6159ad1f16de673b3489.exe
    "C:\Users\Admin\AppData\Local\Temp\fe42725344cd6159ad1f16de673b3489.exe"
    1⤵
      PID:2248
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\svchost64.exe "C:\Users\Admin\AppData\Local\Temp\fe42725344cd6159ad1f16de673b3489.exe"
        2⤵
          PID:2828
      • C:\Windows\system32\schtasks.exe
        schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"'
        1⤵
        • Creates scheduled task(s)
        PID:3344
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit
        1⤵
          PID:4652
        • C:\Users\Admin\AppData\Local\Temp\svchost64.exe
          C:\Users\Admin\AppData\Local\Temp\svchost64.exe "C:\Users\Admin\AppData\Local\Temp\fe42725344cd6159ad1f16de673b3489.exe"
          1⤵
            PID:2928
            • C:\Windows\System32\cmd.exe
              "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\svchost64.exe"
              2⤵
                PID:3504
              • C:\Windows\system32\services64.exe
                "C:\Windows\system32\services64.exe"
                2⤵
                  PID:4556
              • C:\Windows\system32\choice.exe
                choice /C Y /N /D Y /T 3
                1⤵
                  PID:964

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • memory/2248-0-0x0000000000F60000-0x0000000000F70000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/2248-3-0x00007FF851B30000-0x00007FF8525F1000-memory.dmp

                  Filesize

                  10.8MB

                  Download

                • memory/2248-26-0x00007FF851B30000-0x00007FF8525F1000-memory.dmp

                  Filesize

                  10.8MB

                  Download

                • memory/2928-8-0x000000001C110000-0x000000001C122000-memory.dmp

                  Filesize

                  72KB

                  Download

                • memory/2928-10-0x000000001C250000-0x000000001C260000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/2928-9-0x00007FF8517B0000-0x00007FF852271000-memory.dmp

                  Filesize

                  10.8MB

                  Download

                • memory/2928-7-0x00000000007A0000-0x00000000007AE000-memory.dmp

                  Filesize

                  56KB

                  Download

                • memory/2928-25-0x00007FF8517B0000-0x00007FF852271000-memory.dmp

                  Filesize

                  10.8MB

                  Download

                • memory/4556-23-0x00007FF8517B0000-0x00007FF852271000-memory.dmp

                  Filesize

                  10.8MB

                  Download

                • memory/4556-27-0x00007FF8517B0000-0x00007FF852271000-memory.dmp

                  Filesize

                  10.8MB

                  Download