Overview

overview

8

Static

static

c369667c1d...3f.exe

windows7-x64

8

c369667c1d...3f.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    91s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-10-2022 09:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c369667c1d5d8d83d935a534642a2ff7396bb8a0b56dce2c443dec0f1b25f23f.exe

  • Size

    409KB

  • MD5

    964f88196f5cf685d2d88781f687ff5a

  • SHA1

    5a1b0c3b78999e801c00473cb4b5f0003c9da3f7

  • SHA256

    c369667c1d5d8d83d935a534642a2ff7396bb8a0b56dce2c443dec0f1b25f23f

  • SHA512

    c98ef8272c6b91cf8f9d364cbafb5375f9fd016bfd886b8732737a42866071b9cd9df9907a3eef25ac9854ba1c6e3f25e00a2e298058fd3c5b21e1fc9b1a855c

  • SSDEEP

    6144:YkRhSuowK23d3FrL7efjbA8ZBaKGZk4+LeF1dU568A+qiUBA:YkRhSuowKIHrerbA8ZBZ0kFLeFQ5Pqi

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c369667c1d5d8d83d935a534642a2ff7396bb8a0b56dce2c443dec0f1b25f23f.exe
    "C:\Users\Admin\AppData\Local\Temp\c369667c1d5d8d83d935a534642a2ff7396bb8a0b56dce2c443dec0f1b25f23f.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5032
    • \??\c:\program files\ReAlplay\Suppress\status.exe
      "c:\program files\ReAlplay\Suppress\status.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\ReAlplay\Suppress\status.exe
    Filesize

    409KB

    MD5

    8b0701c980e99c506d8ba0cda563ef58

    SHA1

    70bb7653beca78cb55d872229cffb9a96ca42584

    SHA256

    a1299cc1ed3bcd8665f63ec9ef5e9de62214c2c429805be705d9f435e2512963

    SHA512

    632c067bce7abfa5f458e6414fcba3af3f29e14ef42a94016295a480e11c6b0b86df41085fa83afe094a3d328ee0d8518e47f389aa9918ff7181f9bf825d1187

    Download Submit

  • \??\c:\program files\ReAlplay\Suppress\status.exe
    Filesize

    409KB

    MD5

    8b0701c980e99c506d8ba0cda563ef58

    SHA1

    70bb7653beca78cb55d872229cffb9a96ca42584

    SHA256

    a1299cc1ed3bcd8665f63ec9ef5e9de62214c2c429805be705d9f435e2512963

    SHA512

    632c067bce7abfa5f458e6414fcba3af3f29e14ef42a94016295a480e11c6b0b86df41085fa83afe094a3d328ee0d8518e47f389aa9918ff7181f9bf825d1187

    Download Submit