Overview

overview

7

Static

static

3

8cc4afd117...71.exe

windows7-x64

7

8cc4afd117...71.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    125s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    03/02/2024, 16:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8cc4afd117dbc0c589684bfc61962171.exe

  • Size

    48KB

  • MD5

    8cc4afd117dbc0c589684bfc61962171

  • SHA1

    73816fad50d2060fa2a8f6278c9625b7ffe0033d

  • SHA256

    99479b3950863d64a8a17e6fad87248fb3dc4bde2d3be97e52e686dc9840cbdb

  • SHA512

    0f222b2bd388a22b80d30fc56972f32fba7b614e47b2f96bffdf6c6720bc5b535d37f4b9ea64188e9d1c2250c7c959bf2b3b815165390f92da7a6065e67678d9

  • SSDEEP

    768:r01ev7VZ6asiB9Z28l3R0RlIP80HlrgH6vnUAQroZ:uuxoaK4clIUOlMavUAQro

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Drops file in System32 directory 42 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8cc4afd117dbc0c589684bfc61962171.exe
    "C:\Users\Admin\AppData\Local\Temp\8cc4afd117dbc0c589684bfc61962171.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Windows\SysWOW64\CScript.exe
      CScript /nologo C:\\Users\\Admin\\AppData\\Local\\Temp\\updctbs.js
      2⤵
      • Deletes itself
      PID:1512
  • C:\Windows\system32\wbem\scrcons.exe
    C:\Windows\system32\wbem\scrcons.exe -Embedding
    1⤵
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    PID:2476
  • C:\Windows\system32\wbem\scrcons.exe
    C:\Windows\system32\wbem\scrcons.exe -Embedding
    1⤵
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    PID:1896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\updctbs.js
    Filesize

    379B

    MD5

    50c6ceb3c570732b3e280a5cea551690

    SHA1

    39547f096e5ae63a526b242a9f79e09d370187bd

    SHA256

    70d2d85d4b9ad7391b8833c4bff43963394d5f931767d045328bb88abceda35b

    SHA512

    c3ce8c58766d812b4684ca49b2b51813001dad5af2646c76bdf620dea6c6e864cc0ac83edd74f7069395f335e0fccf3e7e09bd0b8dd43d3630831c224faa3cad

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f235ac43a08f4240482e51277267dc10

    SHA1

    56199569489e1bef7f568ea38bb6e6e9b3353353

    SHA256

    975b0d30dea4bd63cafd1b63d1772e4f690d7f56e2f397a75ec886f515f2e3b6

    SHA512

    080c72abf750cea290907b3849c10bfa957e5b06b4c526fc7edd07ad6f6de8b61c75caf373e5fbadf7053a157c6edba9cf5991f05264cf3feb8917abebeeb457

    Download Submit

  • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    f1e56de9f3c7428bda57869fa6f844a9

    SHA1

    5f66d7bd0951fcb8c928835e98aede7207ed3b6f

    SHA256

    4dd90035dc35734f8acacfaa70e178cee1e0596f489d682def5be9056e620bfa

    SHA512

    eb59e2499a25719248f3b4451c799fb36c86994f2d2db922889e3a561af86285312389e18052c99ffb15c3cb010a57170d6d70cf99157a4e559e12c6326b1a81

    Download Submit

  • C:\Windows\Temp\CabFAC.tmp
    Filesize

    29KB

    MD5

    d59a6b36c5a94916241a3ead50222b6f

    SHA1

    e274e9486d318c383bc4b9812844ba56f0cff3c6

    SHA256

    a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

    SHA512

    17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

    Download Submit

  • C:\Windows\Temp\Tar1158.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
    Filesize

    1KB

    MD5

    9cda55c18c12aba16d65fa8af5ed2df1

    SHA1

    7858cf2656e0455f69c27707c32c9a2bf137fb1d

    SHA256

    3533a284b6798e55f735a0561dfbb9346fc89b4bdd52d0aa6b808c28556b378f

    SHA512

    c7d424bf6604d4c45c0edec6e5e881b332c25b6e32a268f01c39be690ca2ca6f1b55841545f29c9d02e018cfda5bbb189ba4047a6b4652508b43dac31125c7b9

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_CE21678B3713ACF5F5ED4AAA700C6173
    Filesize

    1KB

    MD5

    68ec1bdcfd1ce10e8f7804f99a66cb6a

    SHA1

    10a22bb06acc395f023fc2bed20e503e29decf8b

    SHA256

    7794a101938a20b0484cfc87f0cb8d11ed9a72e6c899edf5814b1a2da6dc73e8

    SHA512

    9d6460b947697c895cda877d374ce5285b5c64f855ba9d889d1112a640f84a732075a74668d2d08a61b5ed36b770a9a8e500752b40871bcb4559e5679f33b471

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8
    Filesize

    1KB

    MD5

    5628b41b06dc91e422da87011aa073ff

    SHA1

    e84680c14cdfedb052f3aea5444b1bf1dd509b38

    SHA256

    0cff3d7fb25526e81fbe3ce27b80d6d1974843053b2d3066b65c9a8dcb83ef9c

    SHA512

    7ebed68448dc7d49cf00958e62226b5285df4762a04c2cb2a8b82e9a1ff721f2542ac6981341ae4827c4c94ab521ec4e48719fb22fefa7f6586d86af8ac9494b

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
    Filesize

    1KB

    MD5

    f6b7f541c587365546100eff2570e73e

    SHA1

    eb0d17fc7b62518bf9fa5f942c35c40e952bff34

    SHA256

    df1a1f95bf9d7aa7dd28c8de8ca015b02cc2d8835cd1baab3b7da41b64bfaa7a

    SHA512

    bd1ba2865979e818337fab75c19671c10da36a3cd8a77c6d774c4674de801df9405c70c0f97aac092d2d883ace9dfcf4cc7d0295e58c3465712e8ffda7351d15

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
    Filesize

    2KB

    MD5

    bdeab734525d62d463710f91b9864678

    SHA1

    7c7f8db8b6252cbec1162715f971da981ec0ccce

    SHA256

    35c7696727d4aff76cffbf07c95fe841aae6f0e1d03bba55294d3553e3fbbe39

    SHA512

    05d5484a348582f9487448261667fd9fea1a0263b34aa6210ee97d7b20dbdf24530f893cf8d4939c1190bbfea09e7e93556c85183045184df7e4ddcbcf538a52

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
    Filesize

    1KB

    MD5

    42ab385570985841c3cc0b1d76cb2cd4

    SHA1

    d1a31de0a3575f85bfe2957d715752ac48fbb83a

    SHA256

    0b4322f00098fa8dd38ed4d70ca43eeccbb23ffc430bd92957bf8f1650b82358

    SHA512

    45b88a84e37761630706a26b7c2b51df34dd6027fc8efac69683c21d6ac943d4f9eafe01a253463b160a712461fbb64eff61e3029e73097f0f4ae1372a3277e2

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D03E46CD585BBE111C712E6577BC5F07_C1E077402F942CF5DBE2F967DF57BA6C
    Filesize

    471B

    MD5

    97997d23e35a960fc6ad9ab8c985966f

    SHA1

    3cd51495c1d6faf755b12cb9126113402b49a56c

    SHA256

    15ccdc3bd89ad41c7f116954abbee12a26e29407a121b2344819bb55acbae0e0

    SHA512

    dce55395615d73d0e44880c490310e7305e10061453b375f52dbeb37e3e26c9922ec2bd8ef5dcb05471b75edd5c1c81154043dbb90c64657c0907104e36af124

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
    Filesize

    508B

    MD5

    4107a19be4e37a5f592d1b6b7a6d8f0b

    SHA1

    be3261a0f4ed3f6c5f23f4e432b8f903946694bc

    SHA256

    04900e27010d330dbb7b78ff6d66d50da717c43dbc7b2d9c430c3116df420109

    SHA512

    c0ea409cc3ac5d4d8c3a394397e43529319652f1aa33a17ed9a4e243896cec03ca7c064d4500ec03985f0ddc0e24a4cfd658ff3ec86bbaa3ca8327faba53c780

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_CE21678B3713ACF5F5ED4AAA700C6173
    Filesize

    540B

    MD5

    5428c9c8697b2da6c7a14b853fe02f36

    SHA1

    9a481b042028c445b11f3f4fff6ef70155d5f8d0

    SHA256

    422ff5fe0f286d7a57a89463d61c004552087f87c029e9f5cac555c12b374e21

    SHA512

    39229a5373cdf2b092e678b6d6bdab8c3a5a8f48c380321a003bfa39fea46f421bdfbf836bbd2dff9ccb82ed708645a855ea492ae21b556a587926dc3cdcea9a

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8
    Filesize

    438B

    MD5

    6f43456f735dbf8005b26d4b0eef09b6

    SHA1

    e9d6d3cbcf5c9ca61e654919eaadce83c461177f

    SHA256

    6ed0c85ce3213e1995e2bbaea96f13be28db8437ef4b6d974e623458eb662bf9

    SHA512

    0c6999b12b1f9cf5a89ae99d6d1f2965bc561734dd4c974abe085dd3f6fc48a19760b05ab2a752c2990a085e829a59cac36c4946d675393c333b7ca59229c536

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c92eafc0e7c5771f78f5ceec794e6fab

    SHA1

    4a9fcd727b0176318c6be00bc815ab73c00f9b08

    SHA256

    07a24972a35838766c42d719b2cd44afcd897e24b6fd95d2e38e02edc2ae7d78

    SHA512

    b13389998d0be5121601a8591dbf1021c456fa01d71e8e486878857ecfee1906413a9c4dd7780887f8c31c52f345897679999dfc4932b7cbe3d62a2110a1362d

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
    Filesize

    506B

    MD5

    5d884c997fcec532ef104c8be731e02b

    SHA1

    e5a9debf77beca3c6ec1654f65bf1cb313d19d1b

    SHA256

    0d0e182288ebc2c56204d008faf7efc958a3e5fbcfa6d90123ea4bf5718c1b54

    SHA512

    cc95563a5229bd12aafeb445ad55ae0dfe5ad5c17b5474f96059ba6cf9cce5ff095a901e7669b082c1959344bf406a7739f94f30c577cbe38784eb4aae1c2ffd

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
    Filesize

    458B

    MD5

    4929dc265b313406e47486a70f0af922

    SHA1

    a3fc436c54e00a1a06a16887353c1287bb14f513

    SHA256

    3cf0ee74071213d36228f3ef7562de73c2bc421aba1c169cf63e067b554b9f2a

    SHA512

    fa55cb30c3c1ed32b1c5f230c2732679b44e9ef4e29883c4919e32a5f687b4317ee792d27c2179d727f907a8ab489c9cbde3aa52c4f38084c974b331949c1284

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
    Filesize

    432B

    MD5

    8360ada70e4a42d5b58981337fabf63d

    SHA1

    56fd402214e8bba978c127ef6535acd14301ab2d

    SHA256

    5214a7a1e1dc163abf68ed2316a7872b2b92d11e6139c6f4cc69d652356b519a

    SHA512

    9cca7af2a800baf6f333f62000ee6cc9fd53d4ab802a286789250ce9da4761f137a4b467de4e832772387e73602f6a55d44ce9b6d6f0fbc760a4744ac29c4725

    Download Submit

  • C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D03E46CD585BBE111C712E6577BC5F07_C1E077402F942CF5DBE2F967DF57BA6C
    Filesize

    422B

    MD5

    3620486a50934748baa9b3569ca04a02

    SHA1

    92aacd6d3000abba9e3ed899b9fb5aabfea7021a

    SHA256

    002f2a2101bd20e51fb619beed69f77f61729ad8188bb95da087c2fb19e42808

    SHA512

    6bb81b847391832b560a0880ac5e410a8c884bbb2904500e7f66d7f901e999524889f1cef1ca4af030648d1ec690d79a3ae9285c5def220c08853bdc403e17c0

    Download Submit

  • memory/2324-0-0x0000000000020000-0x0000000000023000-memory.dmp

    Filesize

    12KB

    Download