0077b2e71f21079511002fe42c5402de4b283f27b4841dc4ccbe2452ad1ee924

Analysis

max time kernel
47s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28-10-2022 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0077b2e71f21079511002fe42c5402de4b283f27b4841dc4ccbe2452ad1ee924.exe
Size

20KB
MD5

0f9864205a84d2cf3b592584607249b0
SHA1

831252a1c447b23e96c43ed5299277c15964bf58
SHA256

0077b2e71f21079511002fe42c5402de4b283f27b4841dc4ccbe2452ad1ee924
SHA512

53d33bdec959259872f9fe81a2355eb00bb082a7f389a0fc30905c60655b9ca189e2e9ce4566332f13f5c222faf96e0f80282e6f8a1f3cd5b082beacb4b37994
SSDEEP

192:1l5E3krTuntKy0peHDfCpHfBv+I4QwXt9V+jqu0G5KDJBFwHOe:1M3PnQoHDCpHf4I4Qwdc0G5KDJ/wt

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\AE 0124 BE.gif	0077b2e71f21079511002fe42c5402de4b283f27b4841dc4ccbe2452ad1ee924.exe
File opened for modification	C:\Windows\AE 0124 BE.gif	0077b2e71f21079511002fe42c5402de4b283f27b4841dc4ccbe2452ad1ee924.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3488	0077b2e71f21079511002fe42c5402de4b283f27b4841dc4ccbe2452ad1ee924.exe

C:\Users\Admin\AppData\Local\Temp\0077b2e71f21079511002fe42c5402de4b283f27b4841dc4ccbe2452ad1ee924.exe
"C:\Users\Admin\AppData\Local\Temp\0077b2e71f21079511002fe42c5402de4b283f27b4841dc4ccbe2452ad1ee924.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:3488
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Windows\AE 0124 BE.gif
  2⤵
  PID:1348
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1348 CREDAT:17410 /prefetch:2
    3⤵
    PID:2284
- C:\Windows\SysWOW64\drivers\winlogon.exe
  "C:\Windows\System32\drivers\winlogon.exe"
  2⤵
  PID:452

C:\Windows\SysWOW64\drivers\winlogon.exe
"C:\Windows\System32\drivers\winlogon.exe"
1⤵
PID:2196

C:\Windows\SysWOW64\drivers\winlogon.exe
"C:\Windows\System32\drivers\winlogon.exe"
1⤵
PID:4744

C:\Windows\AE 0124 BE.exe
"C:\Windows\AE 0124 BE.exe"
1⤵
PID:260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\AE 0124 BE.exe

Filesize
40KB

MD5
c02c4e9772803fa9c1ad3be338d07cb2

SHA1
8b8d0cb7f379c1abac03d7d76b376a2cc490b887

SHA256
1fb0a9630fd0ab618dc6f57cc8b1111276500791ffd1e25f9345f2b4423e3731

SHA512
0f15531758ef66c7dac028922e53845001f712146b996fdb711c63872a88822d91c008aa31acc771c2389fd8373389f50c09e06231c4c0ad52a3e7f1d95f13a5

Download Submit
C:\Windows\AE 0124 BE.exe

Filesize
40KB

MD5
c02c4e9772803fa9c1ad3be338d07cb2

SHA1
8b8d0cb7f379c1abac03d7d76b376a2cc490b887

SHA256
1fb0a9630fd0ab618dc6f57cc8b1111276500791ffd1e25f9345f2b4423e3731

SHA512
0f15531758ef66c7dac028922e53845001f712146b996fdb711c63872a88822d91c008aa31acc771c2389fd8373389f50c09e06231c4c0ad52a3e7f1d95f13a5

Download Submit
C:\Windows\AE 0124 BE.gif

Filesize
40KB

MD5
2f396a5eb6eddc9545d1e7223354821d

SHA1
fee4748c271d30d2ec5b8505a2347ddef82f9d32

SHA256
75f1b04a21656e4d832b38f3db92fcd6a649951c378c8e01af296cd02eec00d5

SHA512
7a4bf2867cbecf35c36d17443c43bb6b3c1c3c96b483b21d8441be5e7ff47c0cd14c9edfbff90bfe2fb726883317854310569cdc061748f708da8e7556d3d3ca

Download Submit
C:\Windows\AE 0124 BE.gif

Filesize
40KB

MD5
2f396a5eb6eddc9545d1e7223354821d

SHA1
fee4748c271d30d2ec5b8505a2347ddef82f9d32

SHA256
75f1b04a21656e4d832b38f3db92fcd6a649951c378c8e01af296cd02eec00d5

SHA512
7a4bf2867cbecf35c36d17443c43bb6b3c1c3c96b483b21d8441be5e7ff47c0cd14c9edfbff90bfe2fb726883317854310569cdc061748f708da8e7556d3d3ca

Download Submit
C:\Windows\Msvbvm60.dll

Filesize
147KB

MD5
4cb785a08202cc01ce75b4499a04f86e

SHA1
50b2751fc7e7bb495508b6600fba9ccaf0be1b78

SHA256
a0ce3c07bf8a5bc9a6bbf6de6b83797f705905c8e3356bfdb0b8b77dd983ea34

SHA512
24c348a6ec19341bf8f37b0274f8ab7445abcbd6dc33b11b96a3c9382e33d036a38d2daab3f3943adce79f743f876e32d6634b2e45baa824fd00c1823448fa46

Download Submit
C:\Windows\Msvbvm60.dll

Filesize
164KB

MD5
e185f6c2c6d26893f98a0490e682a485

SHA1
47d777b2b8c3a61c142756b6c79e2717b10685d0

SHA256
22a77454ab33437f60c6240c62507fe261c8046ae1524c63f3c199d2f66c81c3

SHA512
3a08a359b7bfbcc92ce20fd3085fde14db06c7cb2a5aba8e15677edc904c3187cb40a0494399d28022309d15b9dbb5918b9807b69cc99f0ec58a4d21f75a6458

Download Submit
C:\Windows\SysWOW64\drivers\MSVBVM60.DLL

Filesize
154KB

MD5
d2340ce5a63a5875c12ccbf735b21ba8

SHA1
593981f17c7996302667fe83a128ef1c55506b7c

SHA256
e6f3dab30d9ea0f5b4701d2e93b1c02d88c6c1af11a5d56412b30a02130b95f0

SHA512
350e39c05fe573a1e2603d12a0afde80d07e7637dcdf64ca39e7622295f3e2230e054ba9922a850a71f1a39c7a81256552a7f6b725f9866af7f8b1f547c3f19d

Download Submit
C:\Windows\SysWOW64\drivers\Msvbvm60.dll

Filesize
152KB

MD5
ac9a1caf259e8737b69fd154087bb56f

SHA1
2d4ddd186d7789054883e6ce9b377ca0085782e3

SHA256
a626d78658347d33e18c4980730150c62b3e7527f92778d2220cbb83cff017ae

SHA512
bb90701ed9bf602d4e08944e752a6176de663e2347257af51c7ee66ba6e8864c7abf7bbda3ac4b90ecdff85d690a9bf2807513235a83f42187bac4e43564d365

Download Submit
C:\Windows\SysWOW64\drivers\Msvbvm60.dll

Filesize
197KB

MD5
40fdf8abfbdfb4d167cca7e5357df0f3

SHA1
433c8f0f9ac5537f09e84bb0c371d20739144ff6

SHA256
0573cadcdfd5905eeb826a9ae9cdd24dbf367cefb597fb71c4c8fc11ff9b1fd3

SHA512
c25f6c2457215f41d407f152c6aecf6e0917549d142a8b381ed0a9c962fcce673d875a1eb30361c684601d17544deb8ab53025af1996c9ce5105f9fc8dee9b47

Download Submit
C:\Windows\SysWOW64\drivers\winlogon.exe

Filesize
40KB

MD5
c02c4e9772803fa9c1ad3be338d07cb2

SHA1
8b8d0cb7f379c1abac03d7d76b376a2cc490b887

SHA256
1fb0a9630fd0ab618dc6f57cc8b1111276500791ffd1e25f9345f2b4423e3731

SHA512
0f15531758ef66c7dac028922e53845001f712146b996fdb711c63872a88822d91c008aa31acc771c2389fd8373389f50c09e06231c4c0ad52a3e7f1d95f13a5

Download Submit
C:\Windows\SysWOW64\drivers\winlogon.exe

Filesize
40KB

MD5
c02c4e9772803fa9c1ad3be338d07cb2

SHA1
8b8d0cb7f379c1abac03d7d76b376a2cc490b887

SHA256
1fb0a9630fd0ab618dc6f57cc8b1111276500791ffd1e25f9345f2b4423e3731

SHA512
0f15531758ef66c7dac028922e53845001f712146b996fdb711c63872a88822d91c008aa31acc771c2389fd8373389f50c09e06231c4c0ad52a3e7f1d95f13a5

Download Submit
C:\Windows\SysWOW64\drivers\winlogon.exe

Filesize
40KB

MD5
c02c4e9772803fa9c1ad3be338d07cb2

SHA1
8b8d0cb7f379c1abac03d7d76b376a2cc490b887

SHA256
1fb0a9630fd0ab618dc6f57cc8b1111276500791ffd1e25f9345f2b4423e3731

SHA512
0f15531758ef66c7dac028922e53845001f712146b996fdb711c63872a88822d91c008aa31acc771c2389fd8373389f50c09e06231c4c0ad52a3e7f1d95f13a5

Download Submit
C:\Windows\SysWOW64\drivers\winlogon.exe

Filesize
40KB

MD5
c02c4e9772803fa9c1ad3be338d07cb2

SHA1
8b8d0cb7f379c1abac03d7d76b376a2cc490b887

SHA256
1fb0a9630fd0ab618dc6f57cc8b1111276500791ffd1e25f9345f2b4423e3731

SHA512
0f15531758ef66c7dac028922e53845001f712146b996fdb711c63872a88822d91c008aa31acc771c2389fd8373389f50c09e06231c4c0ad52a3e7f1d95f13a5

Download Submit
\??\c:\B1uv3nth3x1.diz

Filesize
25B

MD5
589b6886a49054d03b739309a1de9fcc

SHA1
0ec1dff7a03f13dea28eea5e754d5b0e5e1dc308

SHA256
564815feb9c5bdadb145cd0d16738c4e5fbc6a46cf65c62ac6a985c43d1939e8

SHA512
4b6f567398863aba39eec00e9f071364b79d5c29867b93fb968725e10e33a9bfff60f8ab6acceae44e715a35ec7139d12da06c33fa074b6be02ff5357c53c0eb

Download Submit
\??\c:\B1uv3nth3x1.diz

Filesize
25B

MD5
589b6886a49054d03b739309a1de9fcc

SHA1
0ec1dff7a03f13dea28eea5e754d5b0e5e1dc308

SHA256
564815feb9c5bdadb145cd0d16738c4e5fbc6a46cf65c62ac6a985c43d1939e8

SHA512
4b6f567398863aba39eec00e9f071364b79d5c29867b93fb968725e10e33a9bfff60f8ab6acceae44e715a35ec7139d12da06c33fa074b6be02ff5357c53c0eb

Download Submit
memory/260-139-0x0000000000000000-mapping.dmp

Download
memory/452-134-0x0000000000000000-mapping.dmp

Download
memory/2196-153-0x0000000000000000-mapping.dmp

Download
memory/4744-146-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads