Analysis
max time kernel: 91s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/10/2022, 21:30
Static task: static1
Behavioral task: behavioral1
  Sample: 3fcafa6e8d0949d8f39ae8f2b1be863453f7066fc51f47a3e3022e2a3b7f0cee.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 3fcafa6e8d0949d8f39ae8f2b1be863453f7066fc51f47a3e3022e2a3b7f0cee.exe
  Resource: win10v2004-20220812-en
General
Target: 3fcafa6e8d0949d8f39ae8f2b1be863453f7066fc51f47a3e3022e2a3b7f0cee.exe
Size: 2.1MB
MD5: ec349ac9688260322ac90637e3e86403
SHA1: bc5e140403198facedd11d08d4cd0f367c1f1936
SHA256: 3fcafa6e8d0949d8f39ae8f2b1be863453f7066fc51f47a3e3022e2a3b7f0cee
SHA512: 0bd904037a37343f72c4dea846eec900a65f515a7ba42b6922f9299f7080f2773dd5f094cd0a40bf60cb70649b61a61ede7f497646d3d8b5d6a80880126e8c01
SSDEEP: 49152:Uh+CeiL7rADJOx5PFDBlpW1t0OMlfPGhJrbAMmK5pXPWn:dE59FDrpWNM5knL/cn
Malware Config
Signatures
Loads dropped DLL (5 IoCs)
  pid   Process
  1532  3fcafa6e8d0949d8f39ae8f2b1be863453f7066fc51f47a3e3022e2a3b7f0cee.exe
  1532  3fcafa6e8d0949d8f39ae8f2b1be863453f7066fc51f47a3e3022e2a3b7f0cee.exe
  1532  3fcafa6e8d0949d8f39ae8f2b1be863453f7066fc51f47a3e3022e2a3b7f0cee.exe
  1532  3fcafa6e8d0949d8f39ae8f2b1be863453f7066fc51f47a3e3022e2a3b7f0cee.exe
  1532  3fcafa6e8d0949d8f39ae8f2b1be863453f7066fc51f47a3e3022e2a3b7f0cee.exe

Drops file in Windows directory (1 IoC)
  description                   ioc             Process
  File opened for modification  C:\Windows\ozd  3fcafa6e8d0949d8f39ae8f2b1be863453f7066fc51f47a3e3022e2a3b7f0cee.exe

Modifies registry class (1 IoC)
  description  ioc                                                                              Process
  Key created  \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings  calc.exe

Suspicious use of SetWindowsHookEx (64 IoCs)
  pid   Process
  1532  3fcafa6e8d0949d8f39ae8f2b1be863453f7066fc51f47a3e3022e2a3b7f0cee.exe
  (64 identical entries: pid 1532, same process)

Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                                                                procid_target
  PID 1532 wrote to memory of 1588   1532  3fcafa6e8d0949d8f39ae8f2b1be863453f7066fc51f47a3e3022e2a3b7f0cee.exe  81
  (3 identical entries)
Processes
C:\Users\Admin\AppData\Local\Temp\3fcafa6e8d0949d8f39ae8f2b1be863453f7066fc51f47a3e3022e2a3b7f0cee.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\3fcafa6e8d0949d8f39ae8f2b1be863453f7066fc51f47a3e3022e2a3b7f0cee.exe"
  PID: 1532
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  C:\windows\SysWOW64\calc.exe (depth 2, child of PID 1532)
    Command line: C:\windows\system32\calc.exe
    PID: 1588
    - Modifies registry class
C:\Windows\system32\OpenWith.exe (depth 1)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  PID: 332
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 2.7MB (2 entries with identical hashes)
  MD5: 3f8b342b8eea58614bc1566e3999ebb7
  SHA1: 9628bf1827483ab1d6053ae4117a88d4dd889f21
  SHA256: 267943a3a4ff623cf0c67b62264bc9465a25d4aad3a67febb51cdc714fbf745c
  SHA512: 41f20f60ca3b84141b789437c8b7191a1d7eb41d8681144798cd9c77eaf0a8b34753043bb4df1e37ed110bc81ab035450e98f666d778c9c44780c02f1b3a21db

Filesize: 204KB (2 entries with identical hashes)
  MD5: 856495a1605bfc7f62086d482b502c6f
  SHA1: 86ecc67a784bc69157d664850d489aab64f5f912
  SHA256: 8c8254cb49f7287b97c7f952c81edabc9f11f3fa3f02f265e67d5741998cf0bf
  SHA512: 35a6e580cd362c64f1e1f9c3439660bd980ec437bd8cabbdc49479ceb833cd8cb6c82d2fb747516d5cfcf2af0ba540bc01640171fbe3b4d0e0a3eeeaa69dd1d9

Filesize: 1.2MB
  MD5: 1eece63319e7c5f6718562129b1572f1
  SHA1: 089ea3a605639eb1292f6a2a9720f0b2801b0b6e
  SHA256: 4bed8a6e4e1548fddee40927b438132b47ef2aca6e9beb06b89fcf7714726310
  SHA512: 13537d1dd80fa87b6b908361957e8c434ca547a575c8c8aab43423063e60cb5523fb1843a467ae73db4a64d278c06b831551e78ae6d895201f7ef0c5b162c1ab