Overview

overview

8

Static

static

7e7d4dbbef...ec.exe

windows7-x64

8

7e7d4dbbef...ec.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    38s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    18/10/2022, 11:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7e7d4dbbef3911f6680d9c9089e973d714b02ab5b38d7c15fad5c68ae4abc3ec.exe

  • Size

    418KB

  • MD5

    944496f701f29a3e4548256468e52bfd

  • SHA1

    abe4479d6b2478780287dc56ce9f8e5bedbc063e

  • SHA256

    7e7d4dbbef3911f6680d9c9089e973d714b02ab5b38d7c15fad5c68ae4abc3ec

  • SHA512

    b00b1eb78e8cffe9daf6141de1159017df317d650b2e58540219772ea76179cb94c8c79fc94858cda7ac0d2c35cefb500845629b90b0dc396875c3aa436f5294

  • SSDEEP

    6144:gkynLacGLNKLum62RdYdR3XK4kgGn07SPxBl6OfqHjSKC6k541z:F0LrGLNKLumz0v3a4kln0eZ76OfRr

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7e7d4dbbef3911f6680d9c9089e973d714b02ab5b38d7c15fad5c68ae4abc3ec.exe
    "C:\Users\Admin\AppData\Local\Temp\7e7d4dbbef3911f6680d9c9089e973d714b02ab5b38d7c15fad5c68ae4abc3ec.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1308
    • \??\c:\program files\ReAlplay\Redistributable\contained.exe
      "c:\program files\ReAlplay\Redistributable\contained.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:696

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\ReAlplay\Redistributable\contained.exe
          Filesize

          418KB

          MD5

          ed62137dbc04351ad9531ca992c19ae7

          SHA1

          adb6081eac963ccd43e87102abbb80417d4265cf

          SHA256

          59302947a7db54098453a741c1c3d9a8cb6f39da758760dcc536ca71f6bb6272

          SHA512

          15ebd6200751fb75cd9876088a87e6cc951118c533bf7b4aa7466baea98d4be671aebc3b1ca31e1ffc259052e40563ac5b802fe9ef8beb9cb4ef0f55ef9164bb

          Download Submit

        • \Program Files\ReAlplay\Redistributable\contained.exe
          Filesize

          418KB

          MD5

          ed62137dbc04351ad9531ca992c19ae7

          SHA1

          adb6081eac963ccd43e87102abbb80417d4265cf

          SHA256

          59302947a7db54098453a741c1c3d9a8cb6f39da758760dcc536ca71f6bb6272

          SHA512

          15ebd6200751fb75cd9876088a87e6cc951118c533bf7b4aa7466baea98d4be671aebc3b1ca31e1ffc259052e40563ac5b802fe9ef8beb9cb4ef0f55ef9164bb

          Download Submit

        • \Program Files\ReAlplay\Redistributable\contained.exe
          Filesize

          418KB

          MD5

          ed62137dbc04351ad9531ca992c19ae7

          SHA1

          adb6081eac963ccd43e87102abbb80417d4265cf

          SHA256

          59302947a7db54098453a741c1c3d9a8cb6f39da758760dcc536ca71f6bb6272

          SHA512

          15ebd6200751fb75cd9876088a87e6cc951118c533bf7b4aa7466baea98d4be671aebc3b1ca31e1ffc259052e40563ac5b802fe9ef8beb9cb4ef0f55ef9164bb

          Download Submit

        • memory/1308-54-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

          Filesize

          8KB

          Download