Overview

overview

8

Static

static

f56cbcfdeb...e6.exe

windows7-x64

8

f56cbcfdeb...e6.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    64s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2022, 10:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f56cbcfdebd26fedb476f88c3fa6ffee0421212d87f95521558b6dcb347e23e6.exe

  • Size

    3.7MB

  • MD5

    a83a5d91f462cc42f4ca9bbf84fc40c0

  • SHA1

    9ff789b096153ddec6b0fbaba8853c0e84d92708

  • SHA256

    f56cbcfdebd26fedb476f88c3fa6ffee0421212d87f95521558b6dcb347e23e6

  • SHA512

    d893e3fc694431bf8f6b90e873288e394766b1d6cdae53a7f7b261d2dce63730f9f1074a68504fed4607dc2d1b79314414163da6668a509975c35724721d1e56

  • SSDEEP

    98304:vTi2nGdhiO6nOn8MJVEkmNehbFBGi50wPs0PB9IpzC1W6V:vT7GdAOf7mNw9rP3nAm1DV

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetWindowsHookEx 39 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f56cbcfdebd26fedb476f88c3fa6ffee0421212d87f95521558b6dcb347e23e6.exe
    "C:\Users\Admin\AppData\Local\Temp\f56cbcfdebd26fedb476f88c3fa6ffee0421212d87f95521558b6dcb347e23e6.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4664
    • C:\Users\Admin\AppData\Local\Temp\~esetup\setup.exe
      C:\Users\Admin\AppData\Local\Temp\~esetup\setup.exe setup.dat
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~esetup\krnln.fnr
    Filesize

    1.2MB

    MD5

    a6a397b67ebac717e7ec095bf9b597ee

    SHA1

    80c7459654f3564c0cb74a47398d48e0f02cb82f

    SHA256

    847fbe068ff90112d9b76c04587439ee3a3866d8c60466bb4673491d94ddfd89

    SHA512

    0eb5528a4aad4458feddbefb5347d0e2cd84d6240a341ccc425d6ed98d15d8588d8635f21d30af389a2af5ac9537bea56a1d97530ac90e965989e296f1c5d8c8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~esetup\krnln.fnr
    Filesize

    1.2MB

    MD5

    a6a397b67ebac717e7ec095bf9b597ee

    SHA1

    80c7459654f3564c0cb74a47398d48e0f02cb82f

    SHA256

    847fbe068ff90112d9b76c04587439ee3a3866d8c60466bb4673491d94ddfd89

    SHA512

    0eb5528a4aad4458feddbefb5347d0e2cd84d6240a341ccc425d6ed98d15d8588d8635f21d30af389a2af5ac9537bea56a1d97530ac90e965989e296f1c5d8c8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~esetup\setup.dat
    Filesize

    6.4MB

    MD5

    33760594d1cbff2a941d0c930919d0f2

    SHA1

    268a9870ee45192580833f7282f6ba74d3454e0f

    SHA256

    aa05802829d690c8c2c636e0268bd2d2d180e677b9ff23fb3d936f7f718211c8

    SHA512

    d1e8cf67849c454ce96a085318509b0f21a60a2066f34fded743d93cd0f9a8c6e1404e34aa5b1fba05037420d4328f4e95446dee4f9e9989893e137f6778c6a3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~esetup\setup.exe
    Filesize

    46KB

    MD5

    43dc1ebfd72de2edbdacf1cb5610e483

    SHA1

    360dfecc17468edef24939b6af3412dc90452bc2

    SHA256

    7484c5baea072fe8aec78d83de7e2638fab15335fe99ec9a921b77ebae0ea6e2

    SHA512

    352973367422881f0d5afcb13c9bb708b5d79666236030521cafed8592504512b7b77d9e55cbc92fbaf49fcd55a7dc4ef8aa35684f0ee2f220ab2d532ad2ee99

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~esetup\setup.exe
    Filesize

    46KB

    MD5

    43dc1ebfd72de2edbdacf1cb5610e483

    SHA1

    360dfecc17468edef24939b6af3412dc90452bc2

    SHA256

    7484c5baea072fe8aec78d83de7e2638fab15335fe99ec9a921b77ebae0ea6e2

    SHA512

    352973367422881f0d5afcb13c9bb708b5d79666236030521cafed8592504512b7b77d9e55cbc92fbaf49fcd55a7dc4ef8aa35684f0ee2f220ab2d532ad2ee99

    Download Submit

  • memory/528-138-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download