843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d

General

Target

843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d.exe
Size

88KB
MD5

67268a0d684199431457a0e10cb45baa
SHA1

59a075153b3d24590d2e5c1be930098b73033467
SHA256

843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d
SHA512

19dca4ad4df72209ce308af160c9a2bea23f5c4daab1ac86c11ccf5309108aad25e8116ba1261ca2b26f137a09e6b1428659adb159b522434d2450e6afb7e25c
SSDEEP

768:9cgOLtbX156mlGxIoRVRv4UA/9gCEnZJQ:2FX1ggGxZZ0/xMJ

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2008	mdktask.exe
1252	mdktask.exe

Loads dropped DLL 4 IoCs

pid	Process
1424	843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d.exe
1424	843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d.exe
2008	mdktask.exe
2008	mdktask.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\SysWOW64\mdktask.exe	843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d.exe
File opened for modification	\??\c:\windows\SysWOW64\mdktask.exe	843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1424	843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d.exe
2008	mdktask.exe
1252	mdktask.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 2008	1424	843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d.exe	26
PID 1424 wrote to memory of 2008	1424	843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d.exe	26
PID 1424 wrote to memory of 2008	1424	843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d.exe	26
PID 1424 wrote to memory of 2008	1424	843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d.exe	26
PID 2008 wrote to memory of 1252	2008	mdktask.exe	27
PID 2008 wrote to memory of 1252	2008	mdktask.exe	27
PID 2008 wrote to memory of 1252	2008	mdktask.exe	27
PID 2008 wrote to memory of 1252	2008	mdktask.exe	27

C:\Users\Admin\AppData\Local\Temp\843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d.exe
"C:\Users\Admin\AppData\Local\Temp\843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1424
- \??\c:\windows\SysWOW64\mdktask.exe
  c:\windows\system32\mdktask.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2008
- - \??\c:\windows\SysWOW64\mdktask.exe
    c:\windows\system32\mdktask.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\mdktask.exe

Filesize
88KB

MD5
67268a0d684199431457a0e10cb45baa

SHA1
59a075153b3d24590d2e5c1be930098b73033467

SHA256
843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d

SHA512
19dca4ad4df72209ce308af160c9a2bea23f5c4daab1ac86c11ccf5309108aad25e8116ba1261ca2b26f137a09e6b1428659adb159b522434d2450e6afb7e25c

Download Submit
C:\Windows\SysWOW64\mdktask.exe

Filesize
88KB

MD5
67268a0d684199431457a0e10cb45baa

SHA1
59a075153b3d24590d2e5c1be930098b73033467

SHA256
843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d

SHA512
19dca4ad4df72209ce308af160c9a2bea23f5c4daab1ac86c11ccf5309108aad25e8116ba1261ca2b26f137a09e6b1428659adb159b522434d2450e6afb7e25c

Download Submit
\??\c:\windows\SysWOW64\mdktask.exe

Filesize
88KB

MD5
67268a0d684199431457a0e10cb45baa

SHA1
59a075153b3d24590d2e5c1be930098b73033467

SHA256
843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d

SHA512
19dca4ad4df72209ce308af160c9a2bea23f5c4daab1ac86c11ccf5309108aad25e8116ba1261ca2b26f137a09e6b1428659adb159b522434d2450e6afb7e25c

Download Submit
\Windows\SysWOW64\mdktask.exe

Filesize
88KB

MD5
67268a0d684199431457a0e10cb45baa

SHA1
59a075153b3d24590d2e5c1be930098b73033467

SHA256
843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d

SHA512
19dca4ad4df72209ce308af160c9a2bea23f5c4daab1ac86c11ccf5309108aad25e8116ba1261ca2b26f137a09e6b1428659adb159b522434d2450e6afb7e25c

Download Submit
\Windows\SysWOW64\mdktask.exe

Filesize
88KB

MD5
67268a0d684199431457a0e10cb45baa

SHA1
59a075153b3d24590d2e5c1be930098b73033467

SHA256
843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d

SHA512
19dca4ad4df72209ce308af160c9a2bea23f5c4daab1ac86c11ccf5309108aad25e8116ba1261ca2b26f137a09e6b1428659adb159b522434d2450e6afb7e25c

Download Submit
\Windows\SysWOW64\mdktask.exe

Filesize
88KB

MD5
67268a0d684199431457a0e10cb45baa

SHA1
59a075153b3d24590d2e5c1be930098b73033467

SHA256
843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d

SHA512
19dca4ad4df72209ce308af160c9a2bea23f5c4daab1ac86c11ccf5309108aad25e8116ba1261ca2b26f137a09e6b1428659adb159b522434d2450e6afb7e25c

Download Submit
\Windows\SysWOW64\mdktask.exe

Filesize
88KB

MD5
67268a0d684199431457a0e10cb45baa

SHA1
59a075153b3d24590d2e5c1be930098b73033467

SHA256
843d8f64c711eb148db149c94fbb41b4705610e14928eaf4ffda52e3b70f7d2d

SHA512
19dca4ad4df72209ce308af160c9a2bea23f5c4daab1ac86c11ccf5309108aad25e8116ba1261ca2b26f137a09e6b1428659adb159b522434d2450e6afb7e25c

Download Submit
memory/1252-67-0x0000000000000000-mapping.dmp

Download
memory/1424-56-0x0000000076151000-0x0000000076153000-memory.dmp

Filesize
8KB

Download
memory/2008-59-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing