Overview

overview

8

Static

static

3

4c3fc3e4c7...be.exe

windows7-x64

8

4c3fc3e4c7...be.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    120s
  • max time network
    117s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/01/2024, 19:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4c3fc3e4c7b0c301a4cc0fc50c8361be.exe

  • Size

    61KB

  • MD5

    4c3fc3e4c7b0c301a4cc0fc50c8361be

  • SHA1

    12c24ad4559e1d542a7ee956352ab763f051ad15

  • SHA256

    d90cf1e898a268bf5f17e18a334a344f9900802a062bebc1e55152843bec580e

  • SHA512

    1d3924f31fb237f309ea0072af114f313a1fb44fd5b08d241ce6657f92f409e817d426457cc7ced70822fdbebb4a72a4dcb630eb67f66d4622e9bcb1e2df7290

  • SSDEEP

    1536:qvqepQ1rna0ptN5/SJ90PhGFLWyi1K+AEV8xuxSY:wpAja0pf5/SuWWTw/EVL3

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c3fc3e4c7b0c301a4cc0fc50c8361be.exe
    "C:\Users\Admin\AppData\Local\Temp\4c3fc3e4c7b0c301a4cc0fc50c8361be.exe"
    1⤵
    • Drops file in Drivers directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4672
    • C:\Windows\SysWOW64\drivers\spcolsv.exe
      C:\Windows\system32\drivers\spcolsv.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\drivers\spcolsv.exe
    Filesize

    19KB

    MD5

    d994dda93929ca5088bd63b950d50e21

    SHA1

    229a53ac9bdbff975c3518ee3f228753406f6eae

    SHA256

    48981f5adff5af0f61ad503ba37217174b7ad99c5848ce760e340a662a42a348

    SHA512

    05397a84bb4a226e60a82a13614e9acae538570d2221066f93f029322e7bc26a4c992b6614a53c04aa691788a9977c77f1a1c677c2f04e0887e478d79a42387f

    Download Submit

  • C:\Windows\SysWOW64\drivers\spcolsv.exe
    Filesize

    9KB

    MD5

    5c490aa08bc6d45d5db71f69c63ed525

    SHA1

    19a99a723179db44761a788ed9c3b7b90eb8edcd

    SHA256

    aea967e9b90d35e72f0f3ba3d27a6237eefec6e2ebdcf12b4884a491c6aacfc5

    SHA512

    5ebe7bf691fa8c54b39136b73b318ac454585861a7fddfbdc8df3bf67e801edeba86967f02bad8fac34c48eec62abb10045151a869aa9089a8f692729c5cb2d2

    Download Submit

  • memory/4168-4-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4672-5-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download