Analysis
max time kernel: 317s
max time network: 423s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30-11-2022 16:44
Static task: static1
Behavioral task: behavioral1
Sample: b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584.exe
Resource: win10v2004-20221111-en
General
Target: b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584.exe
Size: 1.1MB
MD5: ab739127f72512d0f631484fbe80bacd
SHA1: 8447441d6d85015630e74851eaae4ecca274c33c
SHA256: b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584
SHA512: d161ae4fe0adb2cf285fc0337bdf76d00dd7045701f488cc4a36d0727ca2c0a479ae56b38a452f392c2af6fdedbe11aa5228d293e783ca3f87fee260c3fc6f94
SSDEEP: 12288:XLx2KpmgXvsBBElYrUql5UWHFJuUJ095c0yjhjOuJ1r55pA:XLxQgXvs/EqrUqoIJuUGXA155+
Malware Config
Signatures
Dave packer 1 IoCs
Detects executable using a packer named 'Dave' by the community, based on a string at the end.
Processes:
resource: behavioral2/memory/1056-144-0x0000000002470000-0x00000000024BE000-memory.dmp
yara_rule: dave
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584.exe
pid: 1056, process: b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584.exe
pid: 1056, process: b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1056-132-0x00000000024C0000-0x0000000002511000-memory.dmp, Filesize: 324KB
memory/1056-136-0x0000000010000000-0x000000001004F000-memory.dmp, Filesize: 316KB
memory/1056-139-0x0000000002530000-0x000000000257E000-memory.dmp, Filesize: 312KB
memory/1056-144-0x0000000002470000-0x00000000024BE000-memory.dmp, Filesize: 312KB