Overview

overview

8

Static

static

fec60ac196...0c.exe

windows7-x64

8

fec60ac196...0c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/12/2022, 16:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    fec60ac1966805834d79054d17d9a51c4fd1d3051d98d8f218119a831b5b440c.exe

  • Size

    1.5MB

  • MD5

    03f81fe944c4f28ad09e3b70b1290099

  • SHA1

    64b7fe44e3bdf8a916429fe6188365aebef490d3

  • SHA256

    fec60ac1966805834d79054d17d9a51c4fd1d3051d98d8f218119a831b5b440c

  • SHA512

    7a6811d61e54bf67e2f21894b2262a962385953827eac740b58116f21502ceab2682c0ac9117d8e77cf00d43f0f7ef36373616255f9acd05da89c14e5d31973a

  • SSDEEP

    24576:NHRmKLopGIgRaVbYt8FbmIDZpfx7tapgEKpwuSF8KsZyoYj9C+rMDoogCg7mdJeK:XlKEKPSNNUDkhT6yK

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fec60ac1966805834d79054d17d9a51c4fd1d3051d98d8f218119a831b5b440c.exe
    "C:\Users\Admin\AppData\Local\Temp\fec60ac1966805834d79054d17d9a51c4fd1d3051d98d8f218119a831b5b440c.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:740
    • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e569501.exe
      C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e569501.exe 240555281
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:3576

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e569501.exe
          Filesize

          1.5MB

          MD5

          7916884df4c4ecf9c57a85e47bb96e8b

          SHA1

          f562f17635a34fc79e9088a6b8afbd89ebc427e0

          SHA256

          01c06911e80c37031ebf778cf453e70258baebb3336074504a3b392d2169bcf6

          SHA512

          d8f70f634652f30f9c3f7ea35d41f216f97c77011abd94b8c311c2d2675d24524add3d91efaac1aa6cbe8a79fc47e0d99189ebc0729ba9f70edc53cc0f8aec4d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ\e569501.exe
          Filesize

          1.5MB

          MD5

          7916884df4c4ecf9c57a85e47bb96e8b

          SHA1

          f562f17635a34fc79e9088a6b8afbd89ebc427e0

          SHA256

          01c06911e80c37031ebf778cf453e70258baebb3336074504a3b392d2169bcf6

          SHA512

          d8f70f634652f30f9c3f7ea35d41f216f97c77011abd94b8c311c2d2675d24524add3d91efaac1aa6cbe8a79fc47e0d99189ebc0729ba9f70edc53cc0f8aec4d

          Download Submit

        • memory/740-135-0x0000000000400000-0x00000000005CC033-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/740-137-0x0000000000400000-0x00000000005CC033-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/3576-136-0x0000000000400000-0x00000000005CC033-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/3576-138-0x0000000000400000-0x00000000005CC033-memory.dmp

          Filesize

          1.8MB

          Download