e8b23f70120b69886cd4ec64fc1dea36c4c9d6ee0d07d31c83e34e4a56ede56f | Triage

Resubmissions

15-02-2021 18:58

210215-b4395dk5gj 8

15-02-2021 15:23

210215-hzn6eppy4j 10

Analysis

max time kernel
1774s
max time network
1774s
platform
windows10_x64
resource
win10v20201028
submitted
15-02-2021 18:58

Sharing

Report Analysis Logs

General

Target

d16c33acbb708fd0daf6360fb293f453.exe
Size

952KB
MD5

d16c33acbb708fd0daf6360fb293f453
SHA1

d5cea93c11983dbe82a6aee4cd26a0afb28b927a
SHA256

e8b23f70120b69886cd4ec64fc1dea36c4c9d6ee0d07d31c83e34e4a56ede56f
SHA512

cfd8767c57313e40d109f9af433fbce2a5498a295a950b967874e79825bace578c9a42eeebb908e9eb7c6c1bc9ad0dd807e2cd6a62b98917933a3034d31b518e

Score

8^/10

dave

Malware Config

Signatures

Dave packer 1 IoCs

Detects executable packed with a packer named 'Dave' from the community, due to a string at the end of it.

Processes:

resource	yara_rule
behavioral1/memory/1152-3-0x00000000022D0000-0x00000000022FD000-memory.dmp	dave

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

d16c33acbb708fd0daf6360fb293f453.exe

pid process

1152 d16c33acbb708fd0daf6360fb293f453.exe
1152 d16c33acbb708fd0daf6360fb293f453.exe

C:\Users\Admin\AppData\Local\Temp\d16c33acbb708fd0daf6360fb293f453.exe
"C:\Users\Admin\AppData\Local\Temp\d16c33acbb708fd0daf6360fb293f453.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1152-2-0x0000000002300000-0x000000000232F000-memory.dmp

Filesize
188KB

Download
memory/1152-4-0x0000000002330000-0x000000000235E000-memory.dmp

Filesize
184KB

Download
memory/1152-3-0x00000000022D0000-0x00000000022FD000-memory.dmp

Filesize
180KB

Download
memory/1152-5-0x00000000036D0000-0x0000000003AD0000-memory.dmp

Filesize
4.0MB

Download