Analysis

  • max time kernel
    91s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/10/2022, 21:30

General

  • Target

    3fcafa6e8d0949d8f39ae8f2b1be863453f7066fc51f47a3e3022e2a3b7f0cee.exe

  • Size

    2.1MB

  • MD5

    ec349ac9688260322ac90637e3e86403

  • SHA1

    bc5e140403198facedd11d08d4cd0f367c1f1936

  • SHA256

    3fcafa6e8d0949d8f39ae8f2b1be863453f7066fc51f47a3e3022e2a3b7f0cee

  • SHA512

    0bd904037a37343f72c4dea846eec900a65f515a7ba42b6922f9299f7080f2773dd5f094cd0a40bf60cb70649b61a61ede7f497646d3d8b5d6a80880126e8c01

  • SSDEEP

    49152:Uh+CeiL7rADJOx5PFDBlpW1t0OMlfPGhJrbAMmK5pXPWn:dE59FDrpWNM5knL/cn

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3fcafa6e8d0949d8f39ae8f2b1be863453f7066fc51f47a3e3022e2a3b7f0cee.exe
    "C:\Users\Admin\AppData\Local\Temp\3fcafa6e8d0949d8f39ae8f2b1be863453f7066fc51f47a3e3022e2a3b7f0cee.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1532
    • C:\windows\SysWOW64\calc.exe
      C:\windows\system32\calc.exe
      2⤵
      • Modifies registry class
      PID:1588
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:332

    Network

          MITRE ATT&CK Matrix

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\E_N60005\eOALib.fne

            Filesize

            2.7MB

            MD5

            3f8b342b8eea58614bc1566e3999ebb7

            SHA1

            9628bf1827483ab1d6053ae4117a88d4dd889f21

            SHA256

            267943a3a4ff623cf0c67b62264bc9465a25d4aad3a67febb51cdc714fbf745c

            SHA512

            41f20f60ca3b84141b789437c8b7191a1d7eb41d8681144798cd9c77eaf0a8b34753043bb4df1e37ed110bc81ab035450e98f666d778c9c44780c02f1b3a21db

          • C:\Users\Admin\AppData\Local\Temp\E_N60005\iext.fnr

            Filesize

            204KB

            MD5

            856495a1605bfc7f62086d482b502c6f

            SHA1

            86ecc67a784bc69157d664850d489aab64f5f912

            SHA256

            8c8254cb49f7287b97c7f952c81edabc9f11f3fa3f02f265e67d5741998cf0bf

            SHA512

            35a6e580cd362c64f1e1f9c3439660bd980ec437bd8cabbdc49479ceb833cd8cb6c82d2fb747516d5cfcf2af0ba540bc01640171fbe3b4d0e0a3eeeaa69dd1d9

          • C:\Users\Admin\AppData\Local\Temp\E_N60005\krnln.fnr

            Filesize

            1.2MB

            MD5

            1eece63319e7c5f6718562129b1572f1

            SHA1

            089ea3a605639eb1292f6a2a9720f0b2801b0b6e

            SHA256

            4bed8a6e4e1548fddee40927b438132b47ef2aca6e9beb06b89fcf7714726310

            SHA512

            13537d1dd80fa87b6b908361957e8c434ca547a575c8c8aab43423063e60cb5523fb1843a467ae73db4a64d278c06b831551e78ae6d895201f7ef0c5b162c1ab

          • memory/1532-132-0x0000000000400000-0x0000000000414000-memory.dmp

            Filesize

            80KB

          • memory/1532-136-0x0000000002390000-0x00000000023D1000-memory.dmp

            Filesize

            260KB

          • memory/1532-140-0x0000000004410000-0x00000000046D8000-memory.dmp

            Filesize

            2.8MB

          • memory/1532-143-0x0000000000400000-0x0000000000414000-memory.dmp

            Filesize

            80KB