Overview

overview

3

Static

static

b8d81b0161...61.exe

windows7-x64

1

b8d81b0161...61.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    37s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29-10-2022 02:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b8d81b0161bcdc82aadcbb497984a18d41b5d3de9a8d67c45a4a5ee23ce38661.exe

  • Size

    122KB

  • MD5

    31a3c368222cdd516c950b5352d9a4f3

  • SHA1

    240dcc95dfb795f027f6ccd6375c05d522c7570f

  • SHA256

    b8d81b0161bcdc82aadcbb497984a18d41b5d3de9a8d67c45a4a5ee23ce38661

  • SHA512

    826a1419277fc5c02aff4d6cbf9e36dc755a1fa55d119e2f2826516dfcee0cec28109b3293868f3ae72785998453d21271a3da8e0b29b730134e512500b16c05

  • SSDEEP

    1536:nFyzF9MFVCujlsQoeQZZ86ukpj0nGGF9v+4DR5n:FyzQVCujl71QZZ4kp4F9XtZ

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8d81b0161bcdc82aadcbb497984a18d41b5d3de9a8d67c45a4a5ee23ce38661.exe
    "C:\Users\Admin\AppData\Local\Temp\b8d81b0161bcdc82aadcbb497984a18d41b5d3de9a8d67c45a4a5ee23ce38661.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1152
    • \??\c:\windows\system\explorer.exe
      c:\windows\system\explorer.exe
      2⤵
        PID:1116
    • \??\c:\windows\system\spoolsv.exe
      c:\windows\system\spoolsv.exe PR
      1⤵
        PID:1708
      • \??\c:\windows\system\svchost.exe
        c:\windows\system\svchost.exe
        1⤵
          PID:1612
        • \??\c:\windows\system\spoolsv.exe
          c:\windows\system\spoolsv.exe SE
          1⤵
            PID:1992

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Roaming\mrsys.exe
            Filesize

            32KB

            MD5

            74cb24689e9af722a6e4dae1059e10dd

            SHA1

            70ce0dc8a6f76fc2cbad6f627e96b699265455b5

            SHA256

            5b3b9d416980bf990d1f685259c5c15ed8965e12e3237117a93f7c56ac420c18

            SHA512

            85c947f73e052c7397c2f9beb25482e5a3981f239cd77049d08fea3a1ab4f02af5a9d0ff59372357814cbfab7693040e0ed5c0b28fefc6d24e68290bc0855c54

            Download Submit

          • C:\Windows\system\explorer.exe
            Filesize

            25KB

            MD5

            78a2ce11eb950793b6dbffbc0f3c4a17

            SHA1

            66626889379ba24e3eabfd6e4ba3400197c24572

            SHA256

            3258fa1e6461ca6b6fd62cf1849826320bdc5e0b476feb79ea92bb0a2a74848f

            SHA512

            ce8cd751c46700ea9d9bdfee96bbcfb68681d9f697dbb82dcdf53518a9b500272df6aed4ee3baf12e3d33e0b34195e3dff18c79104f27f0c983c2742a2ea96ea

            Download Submit

          • C:\Windows\system\spoolsv.exe
            Filesize

            10KB

            MD5

            943ef43a67b941af8d4b08a8a1ff578a

            SHA1

            f06ff40480e67207f87c299564d7e7cc74629aec

            SHA256

            cd5cbb071c80ddf5132bf99792b30bd8c311dce15def734627e6d7da027d1f9e

            SHA512

            e5aa3b00e56b67bda6993446d2a895f4fc3e31b3c8d412c246a90a2b320397043a2dba0e6766c5b4ce22cd27e0fd217349ca06e3cb567db04aaa732d7f7f618a

            Download Submit

          • C:\Windows\system\spoolsv.exe
            Filesize

            15KB

            MD5

            bc518cf6f8804bf8860dedf23ca2d5ae

            SHA1

            95a2310bcc54b9716d14ca4a89eb8aa4357c0ef9

            SHA256

            2c398962f46d2a4da86b2f74d7f380044c74f40111de8df819473117726fad00

            SHA512

            2f7eb8ecbb56cb3fd8c9fd1404faf8e2af1950a76436db78d91db2a26ef665ba7803f0abe75e146681b57d5ce10f2fdbe29e19cf1b5f016869e279df028e2b17

            Download Submit

          • C:\Windows\system\svchost.exe
            Filesize

            17KB

            MD5

            e0babac49d39fdce000aef73286e2f9e

            SHA1

            1d7a46ff650f200015add51b733b61a066d8bf4c

            SHA256

            9ff6fcfb134a1f98ebd1bd78d00fce14f2a7121a3a9f4a76412065406bc56680

            SHA512

            c6023d4754c547242e8488f0e8a056d5712c7a9978cc7f3c390bc2c765f4b53bea0b3a201cd5413df0bc484dcc0be09a1edc681a60594298f95b708f7c5563b9

            Download Submit

          • \??\c:\windows\system\explorer.exe
            Filesize

            12KB

            MD5

            b9b83a341b5a8db4694bfc3307a7153f

            SHA1

            8523af666452303bd47070fea7527ed32fe5c428

            SHA256

            56c5f708b26725dbb3b039444d5e8f1e300a85a6f65347eb0f945d771106e001

            SHA512

            e7d964a4e9b889e0906625b0abad2de2c55d1bf55dea9460d9cf5b32023e02a53edfc227090f106ad9891c11f72ff3a9be9fa2ee66fe3b622b31f8f454d7995f

            Download Submit

          • \??\c:\windows\system\spoolsv.exe
            Filesize

            14KB

            MD5

            3628fc427d84bd0b6e96a1d888cfee6c

            SHA1

            f9a784f23fc03689b5f7c9d1b6bf08a968ff90b9

            SHA256

            ed94427ba0bfa9fc308efca2ca9e25c59b25af9512275ac9d4b78d05ac4c984e

            SHA512

            92c6d3b4afaf87d2b02038bb89f9df2e51cdc19b1dead95391398effb1a9848a942db7bd2a52d1e334737a816cfd1ed8374f943ba94e1bbc535a39cf90f05edf

            Download Submit

          • \??\c:\windows\system\svchost.exe
            Filesize

            22KB

            MD5

            60557ad413974de8cc9b433635263f96

            SHA1

            c9f9808100be477e92e0526f75948ed6791ece09

            SHA256

            cf086cad7037325399b5a3757fc6d36304886882fd845589cd1b46863b7ef156

            SHA512

            28e074ac22c2722eab779caebefeab50fcffacacf6fae56272a91b6dab44c646c8d4fe222e00b1d3f5abba2f3bdaeeaf4cbb669f27ee3669b47233d41b2737e9

            Download Submit

          • \Windows\system\explorer.exe
            Filesize

            4KB

            MD5

            c9e396aa846550a15218a99e9c355520

            SHA1

            e86171271f744678e396bb3aa56bcf44b91604c5

            SHA256

            64a728a5335f1ff0680e07fee52307e9bf2a07cd6f039c8c916c51785279b4b7

            SHA512

            72a484cfb094680093418a1bcd89c735a4801ca74b120d43c17d0fe9ca3e3167453982e2dca2e470c53830c15558739047c9be7f0dfd047897320bab896c617c

            Download Submit

          • \Windows\system\explorer.exe
            Filesize

            16KB

            MD5

            8058a08cba029efbdd48ddffb06ba72d

            SHA1

            bace115a9f88833855d2dba70e2380950e1cd0cf

            SHA256

            f1f0986b88aeb78e42ec65ad88fadd944d99e90b2cdd1ca4fadf7dedd4804034

            SHA512

            a0ffd8f4a9ce75b7c748c3450a14582e3f428a914d0876cdac90342d445268a29cb8ead1e2ff6946c557c703fede956b9efc4addf14c7d4b6a64697c62ac69d3

            Download Submit

          • \Windows\system\spoolsv.exe
            Filesize

            13KB

            MD5

            e820c0e88f3e06108d0a31b1dc8178c2

            SHA1

            d35576cc8d2806050956cfaa780d248a07e0ace6

            SHA256

            f91948141c9befd12691411c16007567f1cd5b92853936b9634da7bfcae1f234

            SHA512

            ff998d65a99389132f1b8ecbac7790023e8887556b1cbb0bfcaf02e571477261c6bd982b73a504211ef36073c4263e20f2edfa934f26f53c7bb32212dcc31f0b

            Download Submit

          • \Windows\system\spoolsv.exe
            Filesize

            18KB

            MD5

            6b1f5758dba90a41d8059de527076140

            SHA1

            d85f9edda7c5cb1d217506c1a8ad1e5c2b620134

            SHA256

            7d1b543d67a97f43a7dc6eb66bb8455fb8dfe83629270caf2856320b4dc0d145

            SHA512

            5929a9a83cbe41dfc79085945d8a9c330f18bd3d44d90980dc2a7a28a91113242f9827b84e4aa8c84b0a67c16d7834b38a9df521b586e219db698c56acb7cc9e

            Download Submit

          • \Windows\system\spoolsv.exe
            Filesize

            30KB

            MD5

            7079e7ebb54a3893d7a0a55581e57ee7

            SHA1

            2d83a32bde4777ebb1b1bc6523c2d283fc52e7e6

            SHA256

            4b6cfeae6bfe6cb80f517b555235a72bf86c688614b097daf763e60681e789d6

            SHA512

            3789b6a67564ce126dbe77bad65ce1508d30b91236579c01564141f75dfd650c682597d91f2286e6aafaf5bff7b269731e4814b8a717727b23979bb21ebb2897

            Download Submit

          • \Windows\system\spoolsv.exe
            Filesize

            31KB

            MD5

            54b19518b651f1a813ffbdccf434ee63

            SHA1

            fbb12bafb79f448b5a1451d1e76770902ae2b93d

            SHA256

            6d143194f7068c4ef9931c63aadf0453ec3c73eab67d1d9704e386b16f3bcd62

            SHA512

            1b06db55c642e0d9d7cd8f2491ccf27664df8c71925aa3ac0ca3f4c72af77a9780ab4311edd5a1cd813b6b070fc0a35bbe8017fd12e86ff278dfa1cfc679dcf0

            Download Submit

          • \Windows\system\svchost.exe
            Filesize

            19KB

            MD5

            dc1bc836f091930ea108eb345e69c2e1

            SHA1

            b7de34d8faa4edf8e5f479d5bce32db3987de476

            SHA256

            427ae1a9b7fbf84173de2690367a0edd4bbff1eb836673a63d5eeafd38a62f23

            SHA512

            0e176b8b7db81f5e7de39e8b422ea6e7e8619d0ebeb40fd4b7b16fb92e2ee83f83f157201b7f6a97b661f3da4461ec649b67ca5b11dd134e6c90ed97e1515edf

            Download Submit

          • \Windows\system\svchost.exe
            Filesize

            17KB

            MD5

            409499c4b188d7431833b2f07f55d58a

            SHA1

            cf7d851b0eb364f0366c2cc108231b94494cc1a4

            SHA256

            7533f937cf770c513a78953f7e327ba43f346c89ac0d343a588446a196131c7a

            SHA512

            a564b8db1d64c3b1604fef636d2a0954b63497a839c65602e77d664ce5188193bac0e544ea5e173f199e26df303174c3259e6efac0ca595109e62b1e3daca3d4

            Download Submit

          • memory/1152-57-0x0000000076201000-0x0000000076203000-memory.dmp

            Filesize

            8KB

            Download