Overview

overview

8

Static

static

KeePass-2....up.exe

windows7-x64

8

KeePass-2....up.exe

windows10-2004-x64

8

Resubmissions

27/12/2022, 23:19

221227-3bbtqagg53 8

27/12/2022, 22:48

221227-2rkk5agf84 8

27/12/2022, 22:42

221227-2myxysbg7y 8

27/12/2022, 22:31

221227-2fqb8sbg6s 8

Analysis

  • max time kernel
    88s
  • max time network
    91s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/12/2022, 23:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    KeePass-2.52-Setup.exe

  • Size

    4.2MB

  • MD5

    bfde2cadde033f98930b2af4f4c3e507

  • SHA1

    db0200d134f7e0a9b5e0db21127f2b4d167c0cc6

  • SHA256

    da403bc2e91132d1c1e0c49f585441e4cd430c8195ca8af38adc2ea300de52cb

  • SHA512

    17d80f34e7b31f7c0b1936f056d70226f97ad58f7ac79a08bdd9001613a9585d679a027314e0589bd227be00a2db5409285c7c2361b1f3832ffadddf6129c2cd

  • SSDEEP

    98304:XkL8A/iA/tigwkj+PsrdCF1VtStcGorknkDwR:s8AqA/zjxxCzVaikd

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\KeePass-2.52-Setup.exe
    C:\Users\Admin\AppData\Local\Temp\KeePass-2.52-Setup.exe "c:\windows\system32\cmd.exe" /e/rtype syl.log|cmd
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4400
    • C:\Users\Admin\AppData\Local\Temp\is-GSIL3.tmp\KeePass-2.52-Setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-GSIL3.tmp\KeePass-2.52-Setup.tmp" /SL5="$E01D6,3481968,781312,C:\Users\Admin\AppData\Local\Temp\KeePass-2.52-Setup.exe" "c:\windows\system32\cmd.exe" /e/rtype syl.log|cmd
      2⤵
      • Executes dropped EXE
      PID:4784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-GSIL3.tmp\KeePass-2.52-Setup.tmp
    Filesize

    3.0MB

    MD5

    9748f05b651f9723283cdd9136c97633

    SHA1

    d9ecf9e710a62430133f1b7bfb536e27899681ef

    SHA256

    3db08203c17c4136341b1a6f073192e82d2dd1cda3098afcabe5750a3807abb9

    SHA512

    a03b4bbae757552d457a46952b862bae44bbcfd266ba00ce9ca444a121e240432fb66413d65df3be15d2e1041d27c6f1bb02e90ab02fb83479cefd51fd6d9762

    Download Submit

  • memory/4400-132-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/4400-134-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/4400-137-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download