Overview

overview

7

Static

static

0b89d26bae...d2.exe

windows7-x64

7

0b89d26bae...d2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 21:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0b89d26bae5a6d011ac4a4b91244b49a487fa5e4eb50ad9e11c0e86601d232d2.exe

  • Size

    1.1MB

  • MD5

    44a894bf04351d4cf2ace7c6a2f42d06

  • SHA1

    d91d75e889184bbce43c41980a248fe13438e060

  • SHA256

    0b89d26bae5a6d011ac4a4b91244b49a487fa5e4eb50ad9e11c0e86601d232d2

  • SHA512

    45031925d901f458c6dd892b033be4a2ae83e0912d2d798d384111961b243461e440ffc096479f5e26a7ce26bf9e6ab671d3e044325ab9562ae433f879f22f79

  • SSDEEP

    24576:2FqAgwcCxhqhFpd9QfB0BCwxyUwLb+9K3XkscYDWg:yXjxcf9Q50BjxynLSgnksZDWg

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b89d26bae5a6d011ac4a4b91244b49a487fa5e4eb50ad9e11c0e86601d232d2.exe
    "C:\Users\Admin\AppData\Local\Temp\0b89d26bae5a6d011ac4a4b91244b49a487fa5e4eb50ad9e11c0e86601d232d2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\win404.nls
    Filesize

    344KB

    MD5

    f2a2f0bb8029ef1e62065af033bf54a1

    SHA1

    efa1b5262ccab5ecc21875f0da400420165779b7

    SHA256

    cd169089a413b689d300ef0529625c83a83090fca316e9ecbab2007272786c91

    SHA512

    c2b9e9f1a1fbee87a2d6e6afab03cddc17f9c3b0e20f21d32063e5642d4a091dc13f343c106d254ee16d09b07d6b17cb89cfbd5c4d7903b5a27464555317aeab

    Download Submit

  • \Users\Admin\AppData\Local\Temp\win413.nls
    Filesize

    95KB

    MD5

    f69e72f404a767ddb38364f2bdb520d2

    SHA1

    98702671e8a0022ef0bf27b504b99ad207f24a97

    SHA256

    6b4b43beefed90b69d885495b3ae3eb956fb5116c1b281bae7fbcde0babd29d4

    SHA512

    9903cdc399e37d09f5999647018883cd211c41a41d1fd318e7ec454b469af217a1f26c795250da9f566f70d380b27f3818f58a382739749799a6c13b6aa02ae3

    Download Submit

  • memory/2040-54-0x0000000075D61000-0x0000000075D63000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2040-55-0x0000000000400000-0x00000000006A7000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2040-58-0x0000000076F50000-0x00000000770D0000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2040-59-0x0000000076F50000-0x00000000770D0000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2040-60-0x0000000000400000-0x00000000006A7000-memory.dmp

    Filesize

    2.7MB

    Download