Overview

overview

8

Static

static

b017ee652f...08.exe

windows7-x64

8

b017ee652f...08.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    96s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27-11-2022 20:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b017ee652fa141f845698f5e69b7ec9a18788d72607e20a5c295586629f98208.exe

  • Size

    4.2MB

  • MD5

    878242b17828184bf6919ce26afd57e8

  • SHA1

    c8e9f9c5606710c8a16f72e4472007d244d5c77e

  • SHA256

    b017ee652fa141f845698f5e69b7ec9a18788d72607e20a5c295586629f98208

  • SHA512

    f5fcd8936a5adc4ac3455a0f7ee11b466cd930640a803431cbe608da5ac9c6affc981ae01fb478c48e652c463f36dc845319dba92dfac6ef37958ce4fc9c0e74

  • SSDEEP

    98304:fG5E7swfP5Ds0mLMkFOtqjWMtstuut21/mPNH1J/BwFCuiKUGC1kJO22z+h/5PR:fG5Uh5s0mLBstqTtsvt2klVXDukLKv

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Suspicious use of SetWindowsHookEx 40 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b017ee652fa141f845698f5e69b7ec9a18788d72607e20a5c295586629f98208.exe
    "C:\Users\Admin\AppData\Local\Temp\b017ee652fa141f845698f5e69b7ec9a18788d72607e20a5c295586629f98208.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Users\Admin\AppData\Local\Temp\~esetup\setup.exe
      C:\Users\Admin\AppData\Local\Temp\~esetup\setup.exe setup.dat
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:1356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~esetup\krnln.fnr
    Filesize

    1.2MB

    MD5

    a6a397b67ebac717e7ec095bf9b597ee

    SHA1

    80c7459654f3564c0cb74a47398d48e0f02cb82f

    SHA256

    847fbe068ff90112d9b76c04587439ee3a3866d8c60466bb4673491d94ddfd89

    SHA512

    0eb5528a4aad4458feddbefb5347d0e2cd84d6240a341ccc425d6ed98d15d8588d8635f21d30af389a2af5ac9537bea56a1d97530ac90e965989e296f1c5d8c8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~esetup\setup.dat
    Filesize

    5.8MB

    MD5

    b182eccd9b82723c7375baca2761ca07

    SHA1

    390b23cd5164e7c672dc706a841bcb399ec68228

    SHA256

    bc192ea125c44cdf03acf70574be4de23bdd886b7e78feaa7f533432016a3bb2

    SHA512

    e665da521e3221ea7dfc2633f5de05650fe28fabfc6dbf58873407bbda9dbbd49a1eda27adad2213dcbabd06888fad2eb8bc5187adb921e0674d34328c930b79

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~esetup\setup.exe
    Filesize

    44KB

    MD5

    2b1a4163d841e32d4ef21a90b23226ae

    SHA1

    f8e071e9776747a918888a91ad78f57d711d6b02

    SHA256

    1b5946c685c90a361c6494f95f6027e66a208733434aaa51e2d98a06b9a99eb7

    SHA512

    98692da4afe72dc7b6cd9724ff5ef43262af1886d2e503296f87e06a7fa7abeb069d2ed2f708c33ff763628fa65b1fdb59851d94ba4f3142bb9c526931bd836a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~esetup\setup.exe
    Filesize

    44KB

    MD5

    2b1a4163d841e32d4ef21a90b23226ae

    SHA1

    f8e071e9776747a918888a91ad78f57d711d6b02

    SHA256

    1b5946c685c90a361c6494f95f6027e66a208733434aaa51e2d98a06b9a99eb7

    SHA512

    98692da4afe72dc7b6cd9724ff5ef43262af1886d2e503296f87e06a7fa7abeb069d2ed2f708c33ff763628fa65b1fdb59851d94ba4f3142bb9c526931bd836a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~esetup\xplib.fne
    Filesize

    80KB

    MD5

    8f385e7c8cf1f8ebdae0448473977cc7

    SHA1

    942bf465e29a5e5f85580eb30aa9510b92f802d7

    SHA256

    d1a1c6bac6a498adccdafab9d600a372aa9d5b826a33cfa06aaa9f75357c5b23

    SHA512

    2372a8857591b829763cacbdfc0cf3d4884598c5f1c43f0815257cb7fb3b2c93b60b1027480e1d5a93bbc6eba054328d8d2b4997c7d81a5360811f8f1eecafa1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~esetup\krnln.fnr
    Filesize

    1.2MB

    MD5

    a6a397b67ebac717e7ec095bf9b597ee

    SHA1

    80c7459654f3564c0cb74a47398d48e0f02cb82f

    SHA256

    847fbe068ff90112d9b76c04587439ee3a3866d8c60466bb4673491d94ddfd89

    SHA512

    0eb5528a4aad4458feddbefb5347d0e2cd84d6240a341ccc425d6ed98d15d8588d8635f21d30af389a2af5ac9537bea56a1d97530ac90e965989e296f1c5d8c8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~esetup\setup.exe
    Filesize

    44KB

    MD5

    2b1a4163d841e32d4ef21a90b23226ae

    SHA1

    f8e071e9776747a918888a91ad78f57d711d6b02

    SHA256

    1b5946c685c90a361c6494f95f6027e66a208733434aaa51e2d98a06b9a99eb7

    SHA512

    98692da4afe72dc7b6cd9724ff5ef43262af1886d2e503296f87e06a7fa7abeb069d2ed2f708c33ff763628fa65b1fdb59851d94ba4f3142bb9c526931bd836a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~esetup\setup.exe
    Filesize

    44KB

    MD5

    2b1a4163d841e32d4ef21a90b23226ae

    SHA1

    f8e071e9776747a918888a91ad78f57d711d6b02

    SHA256

    1b5946c685c90a361c6494f95f6027e66a208733434aaa51e2d98a06b9a99eb7

    SHA512

    98692da4afe72dc7b6cd9724ff5ef43262af1886d2e503296f87e06a7fa7abeb069d2ed2f708c33ff763628fa65b1fdb59851d94ba4f3142bb9c526931bd836a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~esetup\setup.exe
    Filesize

    44KB

    MD5

    2b1a4163d841e32d4ef21a90b23226ae

    SHA1

    f8e071e9776747a918888a91ad78f57d711d6b02

    SHA256

    1b5946c685c90a361c6494f95f6027e66a208733434aaa51e2d98a06b9a99eb7

    SHA512

    98692da4afe72dc7b6cd9724ff5ef43262af1886d2e503296f87e06a7fa7abeb069d2ed2f708c33ff763628fa65b1fdb59851d94ba4f3142bb9c526931bd836a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~esetup\setup.exe
    Filesize

    44KB

    MD5

    2b1a4163d841e32d4ef21a90b23226ae

    SHA1

    f8e071e9776747a918888a91ad78f57d711d6b02

    SHA256

    1b5946c685c90a361c6494f95f6027e66a208733434aaa51e2d98a06b9a99eb7

    SHA512

    98692da4afe72dc7b6cd9724ff5ef43262af1886d2e503296f87e06a7fa7abeb069d2ed2f708c33ff763628fa65b1fdb59851d94ba4f3142bb9c526931bd836a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~esetup\xplib.fne
    Filesize

    80KB

    MD5

    8f385e7c8cf1f8ebdae0448473977cc7

    SHA1

    942bf465e29a5e5f85580eb30aa9510b92f802d7

    SHA256

    d1a1c6bac6a498adccdafab9d600a372aa9d5b826a33cfa06aaa9f75357c5b23

    SHA512

    2372a8857591b829763cacbdfc0cf3d4884598c5f1c43f0815257cb7fb3b2c93b60b1027480e1d5a93bbc6eba054328d8d2b4997c7d81a5360811f8f1eecafa1

    Download Submit

  • memory/1356-59-0x0000000075211000-0x0000000075213000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1356-56-0x0000000000000000-mapping.dmp

    Download

  • memory/1356-68-0x0000000000330000-0x0000000000344000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1356-69-0x0000000000020000-0x000000000002E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1356-70-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1356-71-0x0000000000020000-0x000000000002E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1356-72-0x0000000000020000-0x000000000002E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1636-55-0x0000000000220000-0x000000000022E000-memory.dmp

    Filesize

    56KB

    Download