Overview

overview

8

Static

static

a26ae08e5b...17.exe

windows7-x64

8

a26ae08e5b...17.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    94s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/10/2022, 13:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a26ae08e5bb90db100836ea2bde8d465e04b49f2802cd773aee14678fad51917.exe

  • Size

    48KB

  • MD5

    918a3cc62bf7e11988898384e0d53f8a

  • SHA1

    4a940f4db50aaa0614426ae81210abf51ea56580

  • SHA256

    a26ae08e5bb90db100836ea2bde8d465e04b49f2802cd773aee14678fad51917

  • SHA512

    1f2c29ec07e946d61faae7b2c0c40190c2928f2eada6d23423bbf497543f8bb71f97a434fa9a459ded7358eaa8f3c9255bce389f2c63fbdd62bb182edee6e817

  • SSDEEP

    768:xbjtxwjjK7GYOpuiNCp2+UGj0W3eE1Y2aElzODioyziojY9PoE0DJG9o:1txwjjK7lp27GjV3P1YIl3oyzrmg7X

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a26ae08e5bb90db100836ea2bde8d465e04b49f2802cd773aee14678fad51917.exe
    "C:\Users\Admin\AppData\Local\Temp\a26ae08e5bb90db100836ea2bde8d465e04b49f2802cd773aee14678fad51917.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    PID:1380
  • C:\Windows\SysWOW64\zqipzi.exe
    C:\Windows\SysWOW64\zqipzi.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    PID:2384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\hra33.dll
    Filesize

    55KB

    MD5

    3331f0a2e4ef6267eeb846b90fde3dac

    SHA1

    6f11d962ec706a84a3ae590d894b60881fa4505a

    SHA256

    6474cc7d26a601703405305453ad7c2a6db52cdc559bf4174dd1a7e9d55818a3

    SHA512

    9eebaa88d8a7e8c48b80f905a563f0b48ffd3466a6198f42fc9e738d1a0cc9a1557abcd4a2d2df15ccbedfc12f566086d4bad2dbe9d1a4a6c1e0be76cfd89e29

    Download Submit

  • C:\Windows\SysWOW64\zqipzi.exe
    Filesize

    48KB

    MD5

    918a3cc62bf7e11988898384e0d53f8a

    SHA1

    4a940f4db50aaa0614426ae81210abf51ea56580

    SHA256

    a26ae08e5bb90db100836ea2bde8d465e04b49f2802cd773aee14678fad51917

    SHA512

    1f2c29ec07e946d61faae7b2c0c40190c2928f2eada6d23423bbf497543f8bb71f97a434fa9a459ded7358eaa8f3c9255bce389f2c63fbdd62bb182edee6e817

    Download Submit

  • C:\Windows\SysWOW64\zqipzi.exe
    Filesize

    48KB

    MD5

    918a3cc62bf7e11988898384e0d53f8a

    SHA1

    4a940f4db50aaa0614426ae81210abf51ea56580

    SHA256

    a26ae08e5bb90db100836ea2bde8d465e04b49f2802cd773aee14678fad51917

    SHA512

    1f2c29ec07e946d61faae7b2c0c40190c2928f2eada6d23423bbf497543f8bb71f97a434fa9a459ded7358eaa8f3c9255bce389f2c63fbdd62bb182edee6e817

    Download Submit