Overview

overview

7

Static

static

d8d22995ff...f6.exe

windows7-x64

7

d8d22995ff...f6.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    39s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    03/12/2022, 20:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d8d22995ffde0c2ef4bc70a26cfbed41cf787ce59e2ad457ecf01e4bddf699f6.exe

  • Size

    512KB

  • MD5

    18ba1112d9a9e69b9168e7f3daae4356

  • SHA1

    2bfcbff9be0349ba5a7741de2b80f6a2befe969d

  • SHA256

    d8d22995ffde0c2ef4bc70a26cfbed41cf787ce59e2ad457ecf01e4bddf699f6

  • SHA512

    d501e8c528ddf8518c04162bbcaef32c6cd488ea933d549bef17bb6f5860a3e26832ad533da1fc849479fed6e496c8e4b712f5efa67289b906d7b3859888c44d

  • SSDEEP

    6144:GGLHJniDG0kySViLyCty9ogiyjv5EW+Y5uAIAxApsS437t0ys8ltWofd+HPwJEBE:XbJnoG0RyCs6giybBunHWJOzoVuPwJz

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d8d22995ffde0c2ef4bc70a26cfbed41cf787ce59e2ad457ecf01e4bddf699f6.exe
    "C:\Users\Admin\AppData\Local\Temp\d8d22995ffde0c2ef4bc70a26cfbed41cf787ce59e2ad457ecf01e4bddf699f6.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:1388
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x540
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\E_4\krnln.fnr
    Filesize

    370KB

    MD5

    bae64ec48bd319ac1f9a532562acc72e

    SHA1

    e59840a0803e44c9ac90ab6e1548b3591f6519ac

    SHA256

    8bc855e0329525aa344c59981fd184877d59d2010a9097574619dfd365c077d4

    SHA512

    68502dc10305c1150fa6d117cec96807fe165acfc5e8359daae7f50476b1a23efb0c1f63ec407000d0c230cb134c15a1118a81632e67cb3b38dab42fe0b431c6

    Download Submit

  • memory/1388-54-0x0000000000400000-0x0000000000462000-memory.dmp

    Filesize

    392KB

    Download

  • memory/1388-57-0x0000000075711000-0x0000000075713000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1388-58-0x0000000010000000-0x000000001017F000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1388-61-0x0000000010000000-0x000000001017F000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1388-60-0x0000000000400000-0x0000000000462000-memory.dmp

    Filesize

    392KB

    Download

  • memory/1388-62-0x0000000010000000-0x000000001017F000-memory.dmp

    Filesize

    1.5MB

    Download