Overview

overview

7

Static

static

3

e5947ee21e...7f.exe

windows7-x64

7

e5947ee21e...7f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/09/2022, 16:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e5947ee21e8114949fd8521007f397c455ea564f80ac6b6d62b1e7547bb7a27f.exe

  • Size

    36.5MB

  • MD5

    f47a7e5485aba1da1a3397e3ac745adf

  • SHA1

    4c5da82aa4f5e0a21278ef48ea535c42756bc41c

  • SHA256

    e5947ee21e8114949fd8521007f397c455ea564f80ac6b6d62b1e7547bb7a27f

  • SHA512

    eab525f66997f092fbd15b06f3062131d6966daa37da446f436dd2ce7d12360f2d46b344db4fbc2de331f155fea4f288059a70f21339e370f8b6f0d420b81da6

  • SSDEEP

    786432:uzU0HiPaItTKkrWKcG+8V3lJv5cbv5MqT/sWZ:uUCiPaUr5jVJvg5MqdZ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e5947ee21e8114949fd8521007f397c455ea564f80ac6b6d62b1e7547bb7a27f.exe
    "C:\Users\Admin\AppData\Local\Temp\e5947ee21e8114949fd8521007f397c455ea564f80ac6b6d62b1e7547bb7a27f.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:3684

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\E_N60005\EThread.fne
          Filesize

          60KB

          MD5

          206396257b97bd275a90ce6c2c0c37fd

          SHA1

          3cae4506a033cf7e97156d5261f2a247c6270f42

          SHA256

          64eef86745d7ae0168fec357099e2e952ce74ee19576d06cc8c8c65f210cc22c

          SHA512

          4c23e52b5b23b305c3172e01dd205e15fda8f20f8b60776ba59d080bf05bbbca456a0ed232f2e2a2bf01d32efb913063f89fb4928bc4d5d1c1eb4c4979803455

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\E_N60005\krnln.fnr
          Filesize

          1.2MB

          MD5

          f5efa94419f190dd8b6af402efc8ac7f

          SHA1

          f8dfef0b9096d0bc9853548458d05612023f5d3a

          SHA256

          d1d5f7cdc1ec41bba0ae3391d58409c8d710e5526559168cac5f0fdc510d245b

          SHA512

          a5a5a5f5e1bdd3ad8e3eafa74b7b12be046ad7733a8abffedb78afe8e69f7d9152264da8ff23d1f6cf3421c21469e1fa442d89432ebe65be243d7e2e83631081

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\E_N60005\shell.fne
          Filesize

          60KB

          MD5

          98174c8c2995000efbda01e1b86a1d4d

          SHA1

          7e71a5a029a203e4ab0afc68eee18c39f4ab4097

          SHA256

          90284c2ead0598faa715cc90c1f53b83b916099c918ce7f816f0b4550ff55ac6

          SHA512

          a37059062a99cd2a9fae15850b49068752ccf0be9f1d86c3f812a689b7c4d024771ec2b66adf9ce950bc5b8b117d457aba87d586cf112a1a30239531bfc8cd06

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\E_N60005\spec.fne
          Filesize

          72KB

          MD5

          bd6eef5ea9a52a412a8f57490d8bd8e4

          SHA1

          ab61ad7f66c5f6dfb8d28eba1833591469951870

          SHA256

          0c9e6eb8648f4bf5c585d5344035e91c3249bb9686a302503b4681b7ba828dc0

          SHA512

          1c43e50270eed071c8ef35e1c4695a93b9f98e668d4aebb44eb3b620efd2624b381554d2daf2d017f764b485e060abd589216043adea19eac94028ce66cc2025

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\E_N60005\wke.fne
          Filesize

          304KB

          MD5

          0e909d7ac14d155af43949375d850484

          SHA1

          81cb17ea7d03418845566fc968373bdfd0089f61

          SHA256

          f053c79e3cfe76f8d4b291f090fed2afa002c6e832f9195181961ebfb593630f

          SHA512

          880eefc6dd908ffd900e171417a01ebc02adbcf8ca10fffbab0ebb903c5e1c409a8b5a582551da9455131222003d1007a0d21c9f972454b716da2625ece04a9f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\evb7E6D.tmp
          Filesize

          1KB

          MD5

          e7eece9649c1e99ba57af4dbc2fbdc2e

          SHA1

          b54f01e8a63fa792e63418f63d74c836cfab352a

          SHA256

          04c1317141e215a3c03938563cef446d8256fe2d1968dde26c7e7b8b15740f6a

          SHA512

          94ec339b8b7930f03b064aafa8ae881ec2f37a214d6223c9f06c8400b6222f9484430e3d076f21b4acbfcd1f7b4b17566cf6010812eb5b4ddb4b3cbc357e6f7b

          Download Submit

        • memory/3684-141-0x00000000060B0000-0x0000000008194000-memory.dmp

          Filesize

          32.9MB

          Download

        • memory/3684-152-0x00000000060B0000-0x0000000008194000-memory.dmp

          Filesize

          32.9MB

          Download

        • memory/3684-137-0x00000000060B0000-0x0000000008194000-memory.dmp

          Filesize

          32.9MB

          Download

        • memory/3684-147-0x000000000A720000-0x000000000A735000-memory.dmp

          Filesize

          84KB

          Download

        • memory/3684-135-0x0000000004550000-0x000000000459E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/3684-149-0x000000000A750000-0x000000000A767000-memory.dmp

          Filesize

          92KB

          Download

        • memory/3684-133-0x0000000000400000-0x00000000019F5000-memory.dmp

          Filesize

          22.0MB

          Download

        • memory/3684-150-0x000000001ED40000-0x000000001EE50000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3684-151-0x0000000000400000-0x00000000019F5000-memory.dmp

          Filesize

          22.0MB

          Download

        • memory/3684-145-0x0000000009700000-0x000000000971C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/3684-153-0x000000001DD42000-0x000000001DD7F000-memory.dmp

          Filesize

          244KB

          Download

        • memory/3684-154-0x000000001DD42000-0x000000001DD7F000-memory.dmp

          Filesize

          244KB

          Download

        • memory/3684-155-0x00000000329C2000-0x00000000329FF000-memory.dmp

          Filesize

          244KB

          Download

        • memory/3684-156-0x00000000329C2000-0x00000000329FF000-memory.dmp

          Filesize

          244KB

          Download

        • memory/3684-157-0x00000000329C2000-0x00000000329FF000-memory.dmp

          Filesize

          244KB

          Download

        • memory/3684-158-0x00000000329C2000-0x00000000329FF000-memory.dmp

          Filesize

          244KB

          Download

        • memory/3684-159-0x00000000329C2000-0x00000000329FF000-memory.dmp

          Filesize

          244KB

          Download

        • memory/3684-160-0x00000000329C2000-0x00000000329FF000-memory.dmp

          Filesize

          244KB

          Download