Analysis

  • max time kernel
    33s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-11-2022 21:44

General

  • Target

    eae42fdeb7ba3c885a2c0a7fa1c283999b38479975883eb247f8ef59d65ca694.exe

  • Size

    196KB

  • MD5

    0b46c162d03ed2ba8cd496e76ea29520

  • SHA1

    be8980c8f73b00b9d794a0b4bb8cc90854ab2856

  • SHA256

    eae42fdeb7ba3c885a2c0a7fa1c283999b38479975883eb247f8ef59d65ca694

  • SHA512

    21d54d4f0f4202f2299cce6bbffc425beba8c119136c1028895d90130c158a853f6d5c7250c853cd03c779bdd3bbf445af3f1731912a2bb19c7d5b0b109aefd6

  • SSDEEP

    6144:T5c8IEliHkjSMl04M1lNmoIyKPWFOBnJ1HIzAS:1pIOiHk+E05lsoIlo0THK

Score
8/10 (upx)

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Loads dropped DLL 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eae42fdeb7ba3c885a2c0a7fa1c283999b38479975883eb247f8ef59d65ca694.exe
    "C:\Users\Admin\AppData\Local\Temp\eae42fdeb7ba3c885a2c0a7fa1c283999b38479975883eb247f8ef59d65ca694.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1608
    • C:\Users\Admin\AppData\Local\Temp\CSRSFIX.EXE
      C:\Users\Admin\AppData\Local\Temp\CSRSFIX.EXE
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1892

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\CSRSFIX.EXE

    Filesize

    196KB

    MD5

    0b46c162d03ed2ba8cd496e76ea29520

    SHA1

    be8980c8f73b00b9d794a0b4bb8cc90854ab2856

    SHA256

    eae42fdeb7ba3c885a2c0a7fa1c283999b38479975883eb247f8ef59d65ca694

    SHA512

    21d54d4f0f4202f2299cce6bbffc425beba8c119136c1028895d90130c158a853f6d5c7250c853cd03c779bdd3bbf445af3f1731912a2bb19c7d5b0b109aefd6

  • \Users\Admin\AppData\Local\Temp\CSRSFIX.EXE

    Filesize

    196KB

    MD5

    0b46c162d03ed2ba8cd496e76ea29520

    SHA1

    be8980c8f73b00b9d794a0b4bb8cc90854ab2856

    SHA256

    eae42fdeb7ba3c885a2c0a7fa1c283999b38479975883eb247f8ef59d65ca694

    SHA512

    21d54d4f0f4202f2299cce6bbffc425beba8c119136c1028895d90130c158a853f6d5c7250c853cd03c779bdd3bbf445af3f1731912a2bb19c7d5b0b109aefd6

  • memory/1608-54-0x0000000075A91000-0x0000000075A93000-memory.dmp

    Filesize

    8KB

  • memory/1608-60-0x0000000000400000-0x00000000004B0000-memory.dmp

    Filesize

    704KB

  • memory/1608-61-0x0000000001FA0000-0x0000000002050000-memory.dmp

    Filesize

    704KB

  • memory/1892-62-0x0000000000400000-0x00000000004B0000-memory.dmp

    Filesize

    704KB

  • memory/1892-63-0x0000000000400000-0x00000000004B0000-memory.dmp

    Filesize

    704KB