Overview

overview

7

Static

static

3

85b44d3ef8...30.exe

windows7-x64

7

85b44d3ef8...30.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    112s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/02/2024, 02:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    85b44d3ef859dda4968d3436df496230.exe

  • Size

    241KB

  • MD5

    85b44d3ef859dda4968d3436df496230

  • SHA1

    40b7fafb44ee26a69a79d2df38a4066d5d267b42

  • SHA256

    4a25eda87fa154de897fd51cd38e7f4d44626a9f8fcd470c96023838e73cf707

  • SHA512

    82824cf8328cdd6eb25920f56dff3f82f9b741d8d3b3e838f6bebcaafb8d43238e11da783cd156c8ab194e73b3909e9d3c72642387bea5908a5b7517894249ac

  • SSDEEP

    6144:creezz5SF9Qb313lfeBEpU4ex7BbePnkv6dEnbnos9T:sAHo1JeBEpUv7Bqc6cl

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\85b44d3ef859dda4968d3436df496230.exe
    "C:\Users\Admin\AppData\Local\Temp\85b44d3ef859dda4968d3436df496230.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3480
    • C:\Users\Admin\AppData\Local\Temp\85b44d3ef859dda4968d3436df496230.exe
      C:\Users\Admin\AppData\Local\Temp\85b44d3ef859dda4968d3436df496230.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:3436
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks.exe /CREATE /RL HIGHEST /SC ONLOGON /TR "C:\Users\Admin\AppData\Local\Temp\85b44d3ef859dda4968d3436df496230.exe" /TN Google_Trk_Updater /F
        3⤵
        • Creates scheduled task(s)
        PID:2112

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\85b44d3ef859dda4968d3436df496230.exe
          Filesize

          241KB

          MD5

          883ad9f38a36a03c48b97e591e9dcfba

          SHA1

          8a3b5e53b2d4803c8ca837c675986a37c64dd41d

          SHA256

          2000d09a0c63412f569b8b02d9102030bad47e4503479f2f1491abae55bfbc33

          SHA512

          fd34c7db9873a8fb27d018a1a39fa116dfb19ed97c3adcfeb415329c274b8c37b4422924007c5a3323164513306f26400b491cd835a48df928942f96d49f56eb

          Download Submit

        • memory/3436-13-0x0000000000400000-0x00000000004B7000-memory.dmp

          Filesize

          732KB

          Download

        • memory/3436-14-0x0000000001600000-0x00000000016B7000-memory.dmp

          Filesize

          732KB

          Download

        • memory/3436-15-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3436-20-0x0000000004F00000-0x0000000004F66000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3436-21-0x0000000000400000-0x000000000045B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/3480-0-0x0000000000400000-0x00000000004B7000-memory.dmp

          Filesize

          732KB

          Download

        • memory/3480-1-0x00000000016F0000-0x00000000017A7000-memory.dmp

          Filesize

          732KB

          Download

        • memory/3480-2-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3480-11-0x0000000000400000-0x0000000000466000-memory.dmp

          Filesize

          408KB

          Download