baf05c61c2c23cedb59e60386d0d3bc0c90fbd29f8239d2286152879d8e3b007

Analysis

max time kernel
143s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2023, 13:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e44b921c0e4c5efed2ddd62586bcce7c52eb95b9.exe
Size

60KB
MD5

7d2b22372c2664b527cb09cdd64e79e3
SHA1

e44b921c0e4c5efed2ddd62586bcce7c52eb95b9
SHA256

baf05c61c2c23cedb59e60386d0d3bc0c90fbd29f8239d2286152879d8e3b007
SHA512

77560bf3f87c4cf89681f32cb826a005768dbcd5e697a6676b368e7fc22610017cb6afe94b5cca028583329d91a300d2f40ec0a7eaa9cc498a0ca177dc917bbf
SSDEEP

1536:islkOHCO/E6ITVNHKPno7ygbqH/1MhMIyCmNFbdUUX:ickOHCz6I5JKPGhgCU

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4648	e44b921c0e4c5efed2ddd62586bcce7c52eb95b9.exe
4648	e44b921c0e4c5efed2ddd62586bcce7c52eb95b9.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\des32.exe	e44b921c0e4c5efed2ddd62586bcce7c52eb95b9.exe
File opened for modification	C:\Windows\SysWOW64\des32.exe	e44b921c0e4c5efed2ddd62586bcce7c52eb95b9.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system\verclsid.dll	e44b921c0e4c5efed2ddd62586bcce7c52eb95b9.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4648	e44b921c0e4c5efed2ddd62586bcce7c52eb95b9.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4648 wrote to memory of 2180	4648	e44b921c0e4c5efed2ddd62586bcce7c52eb95b9.exe	81
PID 4648 wrote to memory of 2180	4648	e44b921c0e4c5efed2ddd62586bcce7c52eb95b9.exe	81
PID 4648 wrote to memory of 2180	4648	e44b921c0e4c5efed2ddd62586bcce7c52eb95b9.exe	81
PID 4648 wrote to memory of 4580	4648	e44b921c0e4c5efed2ddd62586bcce7c52eb95b9.exe	83
PID 4648 wrote to memory of 4580	4648	e44b921c0e4c5efed2ddd62586bcce7c52eb95b9.exe	83
PID 4648 wrote to memory of 4580	4648	e44b921c0e4c5efed2ddd62586bcce7c52eb95b9.exe	83

C:\Users\Admin\AppData\Local\Temp\e44b921c0e4c5efed2ddd62586bcce7c52eb95b9.exe
"C:\Users\Admin\AppData\Local\Temp\e44b921c0e4c5efed2ddd62586bcce7c52eb95b9.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4648
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\9.bat
  2⤵
  PID:2180
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\9.bat
  2⤵
  PID:4580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9.bat

Filesize
84B

MD5
43d95f908b0668a9731effcf336aa7e7

SHA1
f6df52ca0ba132183b09dd69b4d1e358f8bc4961

SHA256
6deeb8963a0ee9ae7deb1edc43e199ad11b8656524f1eb0911a9ece97ddef20e

SHA512
5563077e5e83a0b0c96861e8815bc1ebd3050a6a277325b6ba07386c77fb235f4802e74d0bd485181f8633b4e9dddbda1e412e5ae39645a7ebc4e7c617622edf

Download Submit
C:\Users\Admin\AppData\Local\Temp\9.bat

Filesize
62B

MD5
677e4c0ac73ffedbd0326f881e18756f

SHA1
56e6aa940dc32f68067f6754321a1c369abd854a

SHA256
bbfc707b467967a14e7329b9128e25600970994638f1157dfe3f4ef55a9d2f04

SHA512
f74ea95ea223e7a76f8d18ec622c2b72fea1295d6efbec0dfee5c99b3efdb672f3d74aabbfab95ed2fcac78987aef8fcd0f88ca8f35ab51fbce7b8ba0d290d5f

Download Submit
C:\Windows\System\verclsid.dll

Filesize
127KB

MD5
53bb1a68caef2d97165ef05576cf705d

SHA1
644045b12432d10ad43004bf6a7fb152ad6d22ee

SHA256
4d21e1b191686b7a156f209b2351abc44f422c3bd5dd5afbd082cb686aa5d2d1

SHA512
1a437b856e33f28c56bd900b3ea0b9bc42d05aa5349afe325f1213f0875ae9d8e7e2b4388e82234a4884b9da47d5ea614bb64188051646358baa89fce11d2480

Download Submit
C:\Windows\System\verclsid.dll

Filesize
127KB

MD5
53bb1a68caef2d97165ef05576cf705d

SHA1
644045b12432d10ad43004bf6a7fb152ad6d22ee

SHA256
4d21e1b191686b7a156f209b2351abc44f422c3bd5dd5afbd082cb686aa5d2d1

SHA512
1a437b856e33f28c56bd900b3ea0b9bc42d05aa5349afe325f1213f0875ae9d8e7e2b4388e82234a4884b9da47d5ea614bb64188051646358baa89fce11d2480

Download Submit
memory/4648-134-0x0000000000400000-0x000000000043B0F0-memory.dmp

Filesize
236KB

Download
memory/4648-138-0x0000000002280000-0x00000000022A4000-memory.dmp

Filesize
144KB

Download