Overview

overview

8

Static

static

2d000403e6...84.exe

windows7-x64

8

2d000403e6...84.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    152s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 14:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d000403e6698589ea3c8957f3525055cc2a9b17cf9c70cf32afa4a0321be684.exe

  • Size

    132KB

  • MD5

    03138593f14f4104a1616713fc729cd0

  • SHA1

    34ab6f5b85aef918d988580ab95b50f9629ca939

  • SHA256

    2d000403e6698589ea3c8957f3525055cc2a9b17cf9c70cf32afa4a0321be684

  • SHA512

    0846ab084b6d5f0dd4798bec211cee755f781484c71e07ff3bacb4dad2fa0e6ffc57fe782ba86528fc88d758f22909efef22327424b4c12ef8276412a42a7df5

  • SSDEEP

    1536:/yu68K6k/oouuT3aKFpz5uvfxNu/MQE+Q5OO2sSABw7qrOI+8Sl8l6CZT:KWkgouueNvv5O9zd7qrOI+8wM

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d000403e6698589ea3c8957f3525055cc2a9b17cf9c70cf32afa4a0321be684.exe
    "C:\Users\Admin\AppData\Local\Temp\2d000403e6698589ea3c8957f3525055cc2a9b17cf9c70cf32afa4a0321be684.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Users\Admin\AppData\Local\Temp\servicesc.exe
      C:\Users\Admin\AppData\Local\Temp\servicesc.exe 2d000403e6698589ea3c8957f3525055cc2a9b17cf9c70cf32afa4a0321be684.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\csh.dll
    Filesize

    68KB

    MD5

    8b8e53a924e28feb6a014b17910f5800

    SHA1

    3da6912715efb0268e4e886949c8ad55e41acdcb

    SHA256

    19fde3fb9e6b0282555ff6f4f99da8ad1294e10b115d4c925c22147a8ea17b00

    SHA512

    36f94c032765af4f764ca6ada3b56a61f8466166d38505461efb5f17bb3f6bd4adfde9a990db64c53d488fe75df26a0e1d528fa9eee2010f05e20d97ece00f7d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\servicesc.exe
    Filesize

    32KB

    MD5

    564b45c7bf27eabd55cdfbde14f81e09

    SHA1

    e69b69b1b69f7d6333af8500792bc378b15ace5a

    SHA256

    5fe1e869c881aad786f1ca044faa2b57a6f0505b0b2892daf8d1837eeae99ac2

    SHA512

    043037525904987eb6ddd06d0adce933eea3aaeda9797ca8636af419dbe820c122960d47f14076c7b7f1ff61f29774c90f454e14025090643cc6b41271c579ed

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\servicesc.exe
    Filesize

    32KB

    MD5

    564b45c7bf27eabd55cdfbde14f81e09

    SHA1

    e69b69b1b69f7d6333af8500792bc378b15ace5a

    SHA256

    5fe1e869c881aad786f1ca044faa2b57a6f0505b0b2892daf8d1837eeae99ac2

    SHA512

    043037525904987eb6ddd06d0adce933eea3aaeda9797ca8636af419dbe820c122960d47f14076c7b7f1ff61f29774c90f454e14025090643cc6b41271c579ed

    Download Submit

  • memory/2940-135-0x0000000000000000-mapping.dmp

    Download