Overview

overview

8

Static

static

8

7ae194e5c5...64.exe

windows7-x64

7

7ae194e5c5...64.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    234s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 07:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7ae194e5c52a279ba0757e09471c9223d2aebef4da59b4e195e585f02922c664.exe

  • Size

    621KB

  • MD5

    ed893442b29dc3b094778e34814c5151

  • SHA1

    e86bc8a793a313cd53af95e6be5048821c9a6972

  • SHA256

    7ae194e5c52a279ba0757e09471c9223d2aebef4da59b4e195e585f02922c664

  • SHA512

    d6caa5274fffff6c72faf4d4e3bdb18abae6674bd75bb6a8480255de9c98f73859f79b0930093687970f5c8de335fe3ea99b3a518c52155a109fa8268150fec1

  • SSDEEP

    12288:tXf/5+liMtlyETrRtg+Y9TMmOhhp/KotaUwia8rdc46whkbZt:h5MikDTg+mf+wotaUwr86rwSb7

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 29 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7ae194e5c52a279ba0757e09471c9223d2aebef4da59b4e195e585f02922c664.exe
    "C:\Users\Admin\AppData\Local\Temp\7ae194e5c52a279ba0757e09471c9223d2aebef4da59b4e195e585f02922c664.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:668

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\sooaft\iext.fnr
          Filesize

          216KB

          MD5

          cba933625bfa502fc4a1d9f34e1e4473

          SHA1

          5319194388c0e53321f99f1541b97af191999a09

          SHA256

          25549c7781b3f1b92e73b0ea721d177207cce914a66f3229a71291f2eb160013

          SHA512

          f5fb4b97c4f68a20e0847e6528740ce659c4501726f3b2dff1ac83e88a3b7198099da03edb0f069cd4af7ed568a2373597b235cd239895addfa5226d3a444142

          Download Submit

        • \Users\Admin\AppData\Local\Temp\sooaft\krnln.fnr
          Filesize

          1.1MB

          MD5

          638e737b2293cf7b1f14c0b4fb1f3289

          SHA1

          f8e2223348433b992a8c42c4a7a9fb4b5c1158bc

          SHA256

          baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b

          SHA512

          4d714a0980238c49af10376ff26ec9e6415e7057925b32ec1c24780c3671047ac5b5670e46c1c6cf9f160519be8f37e1e57f05c30c6c4bda3b275b143aa0bf12

          Download Submit

        • memory/668-54-0x0000000000400000-0x000000000041CF25-memory.dmp

          Filesize

          115KB

          Download

        • memory/668-56-0x0000000000400000-0x000000000041CF25-memory.dmp

          Filesize

          115KB

          Download

        • memory/668-58-0x0000000076391000-0x0000000076393000-memory.dmp

          Filesize

          8KB

          Download

        • memory/668-59-0x0000000000400000-0x000000000041CF25-memory.dmp

          Filesize

          115KB

          Download

        • memory/668-61-0x00000000007B0000-0x00000000007F4000-memory.dmp

          Filesize

          272KB

          Download