Analysis
-
max time kernel
4294183s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20220311-en -
submitted
21-03-2022 09:00
General
-
Target
4d94ac536d0cae874d48866d52c57d49.exe
-
Size
149KB
-
MD5
4d94ac536d0cae874d48866d52c57d49
-
SHA1
198b92d7d1963f43c9cd5c967c6ee5100c4f51b0
-
SHA256
fd2a72060baf27b380eeae7fe7e4649425d81709c27fc61072e736201aa74b75
-
SHA512
14d938de86e72a7a61fe1accce4dee418f489ba1c812d8e1aaa3172198d5acc31559da7ea9bbed2673fa75bc07f9e46be041a5ee0e36383e27716fbbe99d7bc4
Score
10/10
Malware Config
Signatures
-
VKeylogger
A keylogger first seen in Nov 2020.
-
VKeylogger Payload 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: MapViewOfSection 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4d94ac536d0cae874d48866d52c57d49.exe"C:\Users\Admin\AppData\Local\Temp\4d94ac536d0cae874d48866d52c57d49.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\SysWOW64\explorer.exe"2⤵
- Adds Run key to start application
- Suspicious behavior: MapViewOfSection
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
152KB