Analysis
max time kernel
142s
max time network
182s
platform
windows7_x64
resource
win7-20220812-en
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted
30-11-2022 16:44
Static task
static1
Behavioral task
behavioral1
Sample
b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584.exe
Resource
win10v2004-20221111-en
General
Target
b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584.exe
Size
1.1MB
MD5
ab739127f72512d0f631484fbe80bacd
SHA1
8447441d6d85015630e74851eaae4ecca274c33c
SHA256
b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584
SHA512
d161ae4fe0adb2cf285fc0337bdf76d00dd7045701f488cc4a36d0727ca2c0a479ae56b38a452f392c2af6fdedbe11aa5228d293e783ca3f87fee260c3fc6f94
SSDEEP
12288:XLx2KpmgXvsBBElYrUql5UWHFJuUJ095c0yjhjOuJ1r55pA:XLxQgXvs/EqrUqoIJuUGXA155+
Malware Config
Signatures
Dave packer 1 IoCs
Detects executable using a packer named 'Dave' by the community, based on a string at the end.
Processes:
resource yara_rule
behavioral1/memory/1968-67-0x0000000000520000-0x000000000056E000-memory.dmp dave
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584.exe
pid process
1968 b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584.exe
1968 b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1968-54-0x00000000756B1000-0x00000000756B3000-memory.dmp
Filesize
8KB
memory/1968-55-0x0000000000570000-0x00000000005C1000-memory.dmp
Filesize
324KB
memory/1968-59-0x0000000010000000-0x000000001004F000-memory.dmp
Filesize
316KB
memory/1968-62-0x0000000001E00000-0x0000000001E4E000-memory.dmp
Filesize
312KB
memory/1968-67-0x0000000000520000-0x000000000056E000-memory.dmp
Filesize
312KB