b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe
Size

984KB
MD5

f25a8e3f5265a57269590b84a506b672
SHA1

8413ee5a55d52fd306320f5f1429a55a39bd7a47
SHA256

b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1
SHA512

89e1348e9f62bfa5f3af06b659396cd687511259a7b425720f31de50f0a90e9b9f546a80f56d018ffab8d8379bece5a5a04872f5793f3cbcf849d209959f2095
SSDEEP

24576:WiZ4NMlr/acS4uAvgMLAtsXBP70m+V751ac0u+1K6yusNHAAlAPnKV17UipvMySP:9MMlry34usg6AtsRz0r1X0TKHRlAP2dr

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

Sdmr.exeSdmr.exe

pid process

972 Sdmr.exe
572 Sdmr.exe

pid	process
972	Sdmr.exe
572	Sdmr.exe

Drops file in Windows directory 2 IoCs

Processes:

b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe

description	ioc	process
File created	C:\Windows\Sdmr.exe	b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe
File created	C:\Windows\dmr.exe	b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe

pid	process
1368	b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe
1368	b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe

description	pid	process	target process
PID 1368 wrote to memory of 972	1368	b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe	Sdmr.exe
PID 1368 wrote to memory of 972	1368	b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe	Sdmr.exe
PID 1368 wrote to memory of 972	1368	b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe	Sdmr.exe
PID 1368 wrote to memory of 972	1368	b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe	Sdmr.exe

C:\Users\Admin\AppData\Local\Temp\b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe
"C:\Users\Admin\AppData\Local\Temp\b1a198311d34a09539e8093729235f266caccd9366df00d25335f459798acfd1.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1368

C:\Windows\Sdmr.exe
C:\Windows\Sdmr setup
2⤵
- Executes dropped EXE
PID:972

C:\Windows\Sdmr.exe
C:\Windows\Sdmr.exe
1⤵
- Executes dropped EXE
PID:572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Sdmr.exe

Filesize
174KB

MD5
2bc9ace5bddaa9f70ed0e8fb22489732

SHA1
a5de5307a484f0d4deae2c49ac007ce5c49a5fc4

SHA256
6a98757092493227b0ba5250b51c33e7cd075e745eaf9dba8e42f67ca484af04

SHA512
3005bff9a0c5f6a871e7a4824a98f9f534bbf19a4c30e719a55640cd7e96141babd0b85c7b3bfa6e3e4afdfa7bb98354dcdc158a6d95f1e4c3b518e356ec7a0a

Download Submit
C:\Windows\Sdmr.exe

Filesize
174KB

MD5
2bc9ace5bddaa9f70ed0e8fb22489732

SHA1
a5de5307a484f0d4deae2c49ac007ce5c49a5fc4

SHA256
6a98757092493227b0ba5250b51c33e7cd075e745eaf9dba8e42f67ca484af04

SHA512
3005bff9a0c5f6a871e7a4824a98f9f534bbf19a4c30e719a55640cd7e96141babd0b85c7b3bfa6e3e4afdfa7bb98354dcdc158a6d95f1e4c3b518e356ec7a0a

Download Submit
memory/572-72-0x0000000000AE0000-0x0000000000B56000-memory.dmp

Filesize
472KB

Download
memory/572-71-0x0000000000400000-0x000000000049B402-memory.dmp

Filesize
621KB

Download
memory/572-68-0x0000000000400000-0x000000000049B402-memory.dmp

Filesize
621KB

Download
memory/972-58-0x0000000000400000-0x000000000049B402-memory.dmp

Filesize
621KB

Download
memory/972-64-0x0000000000400000-0x000000000049B402-memory.dmp

Filesize
621KB

Download
memory/972-65-0x0000000000380000-0x00000000003F6000-memory.dmp

Filesize
472KB

Download
memory/972-57-0x0000000000400000-0x000000000049B402-memory.dmp

Filesize
621KB

Download
memory/972-55-0x0000000000000000-mapping.dmp

Download
memory/972-74-0x0000000000400000-0x000000000049B402-memory.dmp

Filesize
621KB

Download
memory/1368-62-0x0000000000560000-0x00000000005FC000-memory.dmp

Filesize
624KB

Download
memory/1368-63-0x0000000000560000-0x00000000005FC000-memory.dmp

Filesize
624KB

Download
memory/1368-61-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/1368-54-0x0000000076461000-0x0000000076463000-memory.dmp

Filesize
8KB

Download
memory/1368-73-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download