Overview

overview

7

Static

static

7

0bc1cffeee...73.exe

windows7-x64

7

0bc1cffeee...73.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    13-02-2023 19:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0bc1cffeeef6fb4bc282fc40763927ae60abe1a0b35ace0dd71a8ece2f2c9c73.exe

  • Size

    2.1MB

  • MD5

    c2e97c36b61f6ef3a26c25bd2f690adf

  • SHA1

    d6f0a93d4d78fb78950fdbea1aab553cd6a8b132

  • SHA256

    0bc1cffeeef6fb4bc282fc40763927ae60abe1a0b35ace0dd71a8ece2f2c9c73

  • SHA512

    15d82ab54f09844e893e438c5d94497d9eb24c3fa419d0152c306fb925b84e03d368b625c93608d4c6aa3daeda105cdc00bbfb1996b7f33e86ca31c0d21dc9ab

  • SSDEEP

    49152:odWASQXKvQ0nWiQxqu6Tjuo4ZGSMlF9W7UomoV2J9Ajiw5AacPqdmtxH/WgM:qWTQWQULuoHzzW7RmXAjM1PqdUH/Wg

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0bc1cffeeef6fb4bc282fc40763927ae60abe1a0b35ace0dd71a8ece2f2c9c73.exe
    "C:\Users\Admin\AppData\Local\Temp\0bc1cffeeef6fb4bc282fc40763927ae60abe1a0b35ace0dd71a8ece2f2c9c73.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1356
    • C:\Users\Admin\AppData\Local\Temp\YShow3D.exe
      C:\Users\Admin\AppData\Local\Temp\\YShow3D.exe /i Çë²åÈëÈí¼þËø£¡ /t Ìáʾ£ºB8 /k 64
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\YShow3D.exe
    Filesize

    326KB

    MD5

    8e96277706fe70a9f910b7f85ea8eb92

    SHA1

    34ea5439c8711cb386e51520f9c4b05e6997c96f

    SHA256

    4f3dc8c71c652cf4ef4f0bf6d09f3272afb36df142e8eba1dd645efd4b1aca14

    SHA512

    3605cb71116db6fa12dae3727ce01d4f68f7afb5153b7575452c0e33861ddebdb33f9c3099f86d7625fb99b4d6fd548f60290a4b3cb9ad8e66d6d5bb50bcdbfa

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\YShow3D.exe
    Filesize

    326KB

    MD5

    8e96277706fe70a9f910b7f85ea8eb92

    SHA1

    34ea5439c8711cb386e51520f9c4b05e6997c96f

    SHA256

    4f3dc8c71c652cf4ef4f0bf6d09f3272afb36df142e8eba1dd645efd4b1aca14

    SHA512

    3605cb71116db6fa12dae3727ce01d4f68f7afb5153b7575452c0e33861ddebdb33f9c3099f86d7625fb99b4d6fd548f60290a4b3cb9ad8e66d6d5bb50bcdbfa

    Download Submit
  • \Users\Admin\AppData\Local\Temp\YShow3D.exe
    Filesize

    326KB

    MD5

    8e96277706fe70a9f910b7f85ea8eb92

    SHA1

    34ea5439c8711cb386e51520f9c4b05e6997c96f

    SHA256

    4f3dc8c71c652cf4ef4f0bf6d09f3272afb36df142e8eba1dd645efd4b1aca14

    SHA512

    3605cb71116db6fa12dae3727ce01d4f68f7afb5153b7575452c0e33861ddebdb33f9c3099f86d7625fb99b4d6fd548f60290a4b3cb9ad8e66d6d5bb50bcdbfa

    Download Submit
  • memory/1356-54-0x0000000000400000-0x0000000000701000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/1356-55-0x0000000000400000-0x0000000000701000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/1356-61-0x0000000000400000-0x0000000000701000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/1356-62-0x00000000024D0000-0x00000000025FB000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1444-57-0x0000000000000000-mapping.dmp
    Download
  • memory/1444-59-0x0000000075491000-0x0000000075493000-memory.dmp
    Filesize

    8KB

    Download