Overview

overview

8

Static

static

ed8a6bdda0...15.exe

windows7-x64

8

ed8a6bdda0...15.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    182s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/12/2022, 21:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ed8a6bdda09a8edb9d0d5fdad528ac9569f12eb2fead373cfa8e41caefad1215.exe

  • Size

    408KB

  • MD5

    882ad024e8dd5b561bfe802187de2771

  • SHA1

    41235bba1d97e7c1c9b1927b005740ca65f223b6

  • SHA256

    ed8a6bdda09a8edb9d0d5fdad528ac9569f12eb2fead373cfa8e41caefad1215

  • SHA512

    ea6a86429ec0bd358f62597b707ac74daefd6ae7e8dccdf68926c053cc8dd96e954f4411e57d3ed91816eb8c434d36ccb68020a0ba0641cafb2534b26b8931cb

  • SSDEEP

    12288:QhuZnDx8SSaijL6+70GE/Amq0XirvTg93y:3x0jjbE4mjir

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ed8a6bdda09a8edb9d0d5fdad528ac9569f12eb2fead373cfa8e41caefad1215.exe
    "C:\Users\Admin\AppData\Local\Temp\ed8a6bdda09a8edb9d0d5fdad528ac9569f12eb2fead373cfa8e41caefad1215.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1528
    • \??\c:\program files\Realplayer\Follow\instructions.exe
      "c:\program files\Realplayer\Follow\instructions.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3724

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\Realplayer\Follow\instructions.exe
          Filesize

          408KB

          MD5

          819b6d12be4d20d7bff872e1f0b3cf28

          SHA1

          10debf560bf5d51319cd26778a05ff21c7d578a9

          SHA256

          d72207696c4738d3be2fec95e3082142ed072b3916fcfa8852c806b32a008cb6

          SHA512

          cc7985603fd8b51c19ccf756273ac8255c5c56ca21ee7e4e882caf66894117a53405146147ef40a63491df11ce1e23ce10a7911280a6160f42222d69016bc76b

          Download Submit

        • \??\c:\program files\Realplayer\Follow\instructions.exe
          Filesize

          408KB

          MD5

          819b6d12be4d20d7bff872e1f0b3cf28

          SHA1

          10debf560bf5d51319cd26778a05ff21c7d578a9

          SHA256

          d72207696c4738d3be2fec95e3082142ed072b3916fcfa8852c806b32a008cb6

          SHA512

          cc7985603fd8b51c19ccf756273ac8255c5c56ca21ee7e4e882caf66894117a53405146147ef40a63491df11ce1e23ce10a7911280a6160f42222d69016bc76b

          Download Submit