Analysis

  • max time kernel
    27s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
  • submitted
    31-10-2022 01:05

General

  • Target

    f1530f639816538944bd11d7c02f7d0fd870752884f367bfe96a02752bfcfabb.exe

  • Size

    595KB

  • MD5

    a1f80d64e575674c7fe6c880640cfce0

  • SHA1

    e31956c92089bf5e7f1e56a1392cd03b5a976955

  • SHA256

    f1530f639816538944bd11d7c02f7d0fd870752884f367bfe96a02752bfcfabb

  • SHA512

    6e0b4b422282e93d3744eb414856a699ecb98c8f49de0304adc291d003a2618c43cb38549b42f3176a474ec64952b2cb74c834e9b4bffe1e94e8c24ae5219cf2

  • SSDEEP

    12288:ThtgUFNxrky36qrfMxUX/J7VAzuaNKh+RvE5ituN2h5txJLeJBF0He:ThNNY+6qrfhkvKkVE0tuN2hvCJH0He

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f1530f639816538944bd11d7c02f7d0fd870752884f367bfe96a02752bfcfabb.exe
    "C:\Users\Admin\AppData\Local\Temp\f1530f639816538944bd11d7c02f7d0fd870752884f367bfe96a02752bfcfabb.exe"
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:1224

Network

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr

    Filesize

    1.1MB

    MD5

    3fe72f93ab5f24a0ea2d753013a41c4b

    SHA1

    9206cd206c0b2782a2b1ad1d19ace97bae6e491e

    SHA256

    db32e8ea1d91009ca25b79d7e863a08be56632641a7a145326fbfbf0931b6c79

    SHA512

    24ce75304e6b5508d9bbf425a68b1907bc51f30c168dd3b800f34e1f7fc1aee044818848d1fde40e7556af5f16f94ea02d19344bd9ffda1a6d011a624d6f46e9

  • memory/1224-55-0x0000000076711000-0x0000000076713000-memory.dmp

    Filesize

    8KB

  • memory/1224-56-0x0000000000400000-0x0000000000419000-memory.dmp

    Filesize

    100KB