Overview

overview

8

Static

static

e74e9a6d11...4e.exe

windows7-x64

8

e74e9a6d11...4e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    39s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    07/11/2022, 03:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e74e9a6d116307010f36d4964cd30021cde83a303f6f130d1f371424ed262c4e.exe

  • Size

    51KB

  • MD5

    083878165465c713ce4bf95441001fc6

  • SHA1

    895438e9d2ca6229ba17d4c2ce1a408256d9ac2d

  • SHA256

    e74e9a6d116307010f36d4964cd30021cde83a303f6f130d1f371424ed262c4e

  • SHA512

    074fc6ccc894be9110d0ef17d0893b1b1825fb11e3148a4a21d9b9d33660ec1871f904d8b20a3375fa34b35777fca1b15cb4d16f979a4d19c9384405cacf1c5a

  • SSDEEP

    768:Vvdv6GHnHKMBg93qHbGjZDImJN1XT+yHRV1firwzb5:VlvRHzAaHfmJ+yHRrig5

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e74e9a6d116307010f36d4964cd30021cde83a303f6f130d1f371424ed262c4e.exe
    "C:\Users\Admin\AppData\Local\Temp\e74e9a6d116307010f36d4964cd30021cde83a303f6f130d1f371424ed262c4e.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    PID:1096
  • C:\Windows\SysWOW64\vgtdcg.exe
    C:\Windows\SysWOW64\vgtdcg.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:696
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
        PID:1144

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\vgtdcg.exe
      Filesize

      51KB

      MD5

      083878165465c713ce4bf95441001fc6

      SHA1

      895438e9d2ca6229ba17d4c2ce1a408256d9ac2d

      SHA256

      e74e9a6d116307010f36d4964cd30021cde83a303f6f130d1f371424ed262c4e

      SHA512

      074fc6ccc894be9110d0ef17d0893b1b1825fb11e3148a4a21d9b9d33660ec1871f904d8b20a3375fa34b35777fca1b15cb4d16f979a4d19c9384405cacf1c5a

      Download Submit

    • C:\Windows\SysWOW64\vgtdcg.exe
      Filesize

      51KB

      MD5

      083878165465c713ce4bf95441001fc6

      SHA1

      895438e9d2ca6229ba17d4c2ce1a408256d9ac2d

      SHA256

      e74e9a6d116307010f36d4964cd30021cde83a303f6f130d1f371424ed262c4e

      SHA512

      074fc6ccc894be9110d0ef17d0893b1b1825fb11e3148a4a21d9b9d33660ec1871f904d8b20a3375fa34b35777fca1b15cb4d16f979a4d19c9384405cacf1c5a

      Download Submit

    • memory/1096-54-0x00000000768A1000-0x00000000768A3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1144-58-0x0000000000400000-0x0000000000410000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1144-60-0x0000000000400000-0x0000000000410000-memory.dmp

      Filesize

      64KB

      Download