Overview

overview

7

Static

static

1ee56379a5...32.exe

windows7-x64

7

1ee56379a5...32.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    45s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    14-10-2022 21:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1ee56379a58013ae8a4c7bf0705c5022aff8c3f784df63115a0742d400d36f32.exe

  • Size

    3.9MB

  • MD5

    f714314d66ca51dcf8c14d72ff3c36dc

  • SHA1

    bc0d825287d43860db52b8ccc9cb17e62a79daa2

  • SHA256

    1ee56379a58013ae8a4c7bf0705c5022aff8c3f784df63115a0742d400d36f32

  • SHA512

    22d7b27fd3b8bf7c3b6ebc1ce86bfeb547f9e9a0c598a60b4e24d2a37fd525ddf076a90f1c93d6dc30f6a49763391c860b6ad17af8d12167800d48a527b7222d

  • SSDEEP

    49152:lhAwpzoeq5VTc+t8FYIf/EiFoVGVTmzBw3mpstwpxjKMItnZlv6Kihq9lkI7iEfq:QwKGqQT1mpsSpxwZhAhOlgEyRbk/Pgj

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of SetWindowsHookEx 59 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ee56379a58013ae8a4c7bf0705c5022aff8c3f784df63115a0742d400d36f32.exe
    "C:\Users\Admin\AppData\Local\Temp\1ee56379a58013ae8a4c7bf0705c5022aff8c3f784df63115a0742d400d36f32.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\E_N60005\com.run
    Filesize

    260KB

    MD5

    a50997b4c89c65c884962b7329f79482

    SHA1

    0682991c12e6291e4cda784f9bcec9d94e929f99

    SHA256

    ecff85bf05907c9806b66c8a18e21dbf689ed28c5fba9c5e3dc8a38a51d9c5de

    SHA512

    273339549636c12b0faa634be1eaee78ef504df35014d7c82ac979eea4bde8a3d69f3b232dc49e8f3ccafa0a72edaf576a9d69ea031681d6a9ed9a5e0bfde9ab

    Download Submit

  • \Users\Admin\AppData\Local\Temp\E_N60005\eGrid.fne
    Filesize

    404KB

    MD5

    9c80fda2e1e98f3ab0873a2ea3e6be7f

    SHA1

    6eac9c5ef36a4d799bdf683823a4f3e912f4f470

    SHA256

    0a12fcbe6832aad4143dd2ad87a60e9ff4f04fa440831f910557f820ba21fe18

    SHA512

    3300f22c26fe25480b7f01d90a80d53df572f80aa1b0e9a2dfa9098b634890895fbfbb2c17224d3c0a63001785f0ae1f4e1458293047c559c50213699285503f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\E_N60005\iext.fnr
    Filesize

    204KB

    MD5

    856495a1605bfc7f62086d482b502c6f

    SHA1

    86ecc67a784bc69157d664850d489aab64f5f912

    SHA256

    8c8254cb49f7287b97c7f952c81edabc9f11f3fa3f02f265e67d5741998cf0bf

    SHA512

    35a6e580cd362c64f1e1f9c3439660bd980ec437bd8cabbdc49479ceb833cd8cb6c82d2fb747516d5cfcf2af0ba540bc01640171fbe3b4d0e0a3eeeaa69dd1d9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\E_N60005\iext2.fne
    Filesize

    492KB

    MD5

    dba5fdbe7ec94463b3f6fdf2162c9f95

    SHA1

    a97137b4f2b77166b2a23da1f58e0bdb7365f4f2

    SHA256

    a8b14f31098a191631696db5ddc77e029b48999542e0ec15b63df02220c66d37

    SHA512

    325439bb5fe0e18e08cd547e9e9d505aa5b1ee51a436cb155254cfb04d318679e7a016cc2e72ffaba49bed20e15e85b26fd2a22e726e211650317218dde53ba6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\E_N60005\krnln.fnr
    Filesize

    1.2MB

    MD5

    1eece63319e7c5f6718562129b1572f1

    SHA1

    089ea3a605639eb1292f6a2a9720f0b2801b0b6e

    SHA256

    4bed8a6e4e1548fddee40927b438132b47ef2aca6e9beb06b89fcf7714726310

    SHA512

    13537d1dd80fa87b6b908361957e8c434ca547a575c8c8aab43423063e60cb5523fb1843a467ae73db4a64d278c06b831551e78ae6d895201f7ef0c5b162c1ab

    Download Submit

  • \Users\Admin\AppData\Local\Temp\E_N60005\spec.fne
    Filesize

    72KB

    MD5

    bd6eef5ea9a52a412a8f57490d8bd8e4

    SHA1

    ab61ad7f66c5f6dfb8d28eba1833591469951870

    SHA256

    0c9e6eb8648f4bf5c585d5344035e91c3249bb9686a302503b4681b7ba828dc0

    SHA512

    1c43e50270eed071c8ef35e1c4695a93b9f98e668d4aebb44eb3b620efd2624b381554d2daf2d017f764b485e060abd589216043adea19eac94028ce66cc2025

    Download Submit

  • \Users\Admin\AppData\Local\Temp\E_N60005\vclbase.fne
    Filesize

    873KB

    MD5

    4f5d57439af1d9376f5f0c8ce8e2727e

    SHA1

    c4ecaf0897231189457eb991f153fa1bc96668e9

    SHA256

    b8288af3f0b44b829a3bb2f3a58be3c1f7f956f95cb896b4bf102ebc9e72c7c4

    SHA512

    0ec260a340c09cd48a8b3819dfd283da8e64e885166242f8e11c5442b679cd21e64b04fde8c3a1a800ec01a9c59e216e6a9bd4416de0baaad43b2d27de74852a

    Download Submit

  • memory/536-68-0x0000000002580000-0x00000000025F5000-memory.dmp

    Filesize

    468KB

    Download

  • memory/536-65-0x0000000002120000-0x00000000021AB000-memory.dmp

    Filesize

    556KB

    Download

  • memory/536-58-0x0000000050000000-0x0000000050109000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/536-71-0x00000000006E0000-0x0000000000721000-memory.dmp

    Filesize

    260KB

    Download

  • memory/536-57-0x00000000003E0000-0x00000000003F7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/536-74-0x0000000003860000-0x000000000393F000-memory.dmp

    Filesize

    892KB

    Download

  • memory/536-55-0x0000000075B11000-0x0000000075B13000-memory.dmp

    Filesize

    8KB

    Download

  • memory/536-76-0x0000000002500000-0x000000000254A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/536-78-0x0000000000400000-0x000000000058E000-memory.dmp

    Filesize

    1.6MB

    Download