Overview

overview

10

Static

static

8c5d3c16ae...56.exe

windows7_x64

10

8c5d3c16ae...56.exe

windows10_x64

10

Analysis

  • max time kernel
    110s
  • max time network
    123s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    16-12-2021 02:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8c5d3c16ae8cb907379a21bfab8cbb56.exe

  • Size

    161KB

  • MD5

    8c5d3c16ae8cb907379a21bfab8cbb56

  • SHA1

    c953abf45094625232a4b7a46ad91948e3f97b9e

  • SHA256

    3367fd9ef4970f0f5a98b1e431c89dab120c098b8a9bed70b8729864931d274a

  • SHA512

    25fc4b10d8e44b80a2bd47d3413ce99f647d1ad083fdc3c56e5c47e9d24deed0bcd1b998cbdf7ae672edc087d4d1c6b5773150471b189ee635336257ddc2b878

Score
10/10
vkeyloggerkeyloggerpersistencestealer

Malware Config

Signatures

  • VKeylogger

    A keylogger first seen in Nov 2020.

    stealerkeyloggervkeylogger
  • VKeylogger Payload 3 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c5d3c16ae8cb907379a21bfab8cbb56.exe
    "C:\Users\Admin\AppData\Local\Temp\8c5d3c16ae8cb907379a21bfab8cbb56.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:4076
    • C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\SysWOW64\explorer.exe"
      2⤵
      • Adds Run key to start application
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of FindShellTrayWindow
      PID:816

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/816-119-0x0000000000C20000-0x0000000000C2F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4076-116-0x00000000008F0000-0x00000000008FE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4076-115-0x0000000000030000-0x000000000003A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4076-117-0x0000000000400000-0x000000000081A000-memory.dmp

    Filesize

    4.1MB

    Download