c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470

Analysis

max time kernel
100s
max time network
125s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 23:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe
Size

3.4MB
MD5

f51c649edeedcb1e8ffc9a79eff86816
SHA1

ae8f6aab757e1539b427a7151f406da178e7bc02
SHA256

c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470
SHA512

8ada88562d95a25eff6371b3ea269996d1e1a7203f641beb1c851cb5f1b6cc52a16f941cfbd8c8d5c443a8558c43ec6e5746dfe160cd906dc12a1ddf1c254124
SSDEEP

3072:3g64yo/pjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjq:QfzE

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
692	ActiveDesi.ini

Deletes itself 1 IoCs

pid	Process
692	ActiveDesi.ini

Loads dropped DLL 1 IoCs

pid	Process
268	c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft\ActiveDesi.ini	c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe
File opened for modification	C:\Windows\Microsoft\ActiveDesi.ini	c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
268	c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
268	c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe
692	ActiveDesi.ini
692	ActiveDesi.ini

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 268 wrote to memory of 692	268	c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe	28
PID 268 wrote to memory of 692	268	c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe	28
PID 268 wrote to memory of 692	268	c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe	28
PID 268 wrote to memory of 692	268	c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe	28
PID 268 wrote to memory of 692	268	c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe	28
PID 268 wrote to memory of 692	268	c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe	28
PID 268 wrote to memory of 692	268	c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe	28

C:\Users\Admin\AppData\Local\Temp\c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe
"C:\Users\Admin\AppData\Local\Temp\c101759aa8da97c6dfc5374ff246b6def367226185ea23e0fa42c546e2943470.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:268
- C:\Windows\Microsoft\ActiveDesi.ini
  "C:\Windows\Microsoft\ActiveDesi.ini"
  2⤵
  - Executes dropped EXE
  - Deletes itself
  - Suspicious use of SetWindowsHookEx
  PID:692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Installs

Filesize
102B

MD5
d4522b0cfda2ba9ef85770a7d029860b

SHA1
be63514ab7c172e4a52c10c1cec1ae2f4138a5ca

SHA256
7794040a6a5e979955e34afe9b3496e9793eb39a451b63937d3341450138a96f

SHA512
a10399a99fa6277ce9f30b52a4cd88655d117fb1408b670dfbf30ed9f01e44b85820d807ba20986ec85efe9c21cdbaa0c31906af16e0e7d7a2a568c365ad4ad3

Download Submit
C:\Windows\Microsoft\ActiveDesi.ini

Filesize
10.8MB

MD5
7be6c5e9ebb9fc7721430bd1ca38516b

SHA1
4bfbd44c6053dac717cbab33371a0564cbd54a35

SHA256
1abd4e06a6e9a04e0c0954b5c81072be95155d08a8e932caaacb0fd303cd8581

SHA512
ad6fb27529bbafd7895fe6cc2f763f8dc040fe8cadc71e7e42d4f7c95d8ab77ff58e3ea191255c66eac5d61f5f0e537224d79496be2984b46fd3a1810e97d3e6

Download Submit
C:\Windows\Microsoft\ActiveDesi.ini

Filesize
10.8MB

MD5
7be6c5e9ebb9fc7721430bd1ca38516b

SHA1
4bfbd44c6053dac717cbab33371a0564cbd54a35

SHA256
1abd4e06a6e9a04e0c0954b5c81072be95155d08a8e932caaacb0fd303cd8581

SHA512
ad6fb27529bbafd7895fe6cc2f763f8dc040fe8cadc71e7e42d4f7c95d8ab77ff58e3ea191255c66eac5d61f5f0e537224d79496be2984b46fd3a1810e97d3e6

Download Submit
\Windows\Microsoft\ActiveDesi.ini

Filesize
10.8MB

MD5
7be6c5e9ebb9fc7721430bd1ca38516b

SHA1
4bfbd44c6053dac717cbab33371a0564cbd54a35

SHA256
1abd4e06a6e9a04e0c0954b5c81072be95155d08a8e932caaacb0fd303cd8581

SHA512
ad6fb27529bbafd7895fe6cc2f763f8dc040fe8cadc71e7e42d4f7c95d8ab77ff58e3ea191255c66eac5d61f5f0e537224d79496be2984b46fd3a1810e97d3e6

Download Submit
memory/268-54-0x0000000075F01000-0x0000000075F03000-memory.dmp

Filesize
8KB

Download
memory/692-56-0x0000000000000000-mapping.dmp

Download