b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8

General

Target

b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe
Size

2.1MB
MD5

d9b84b3dc95a139b76db026a74805e3d
SHA1

a14315236888eb91d5ff28e9cb7cf5352914a1f5
SHA256

b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8
SHA512

cc4146741e5db72aefd537d039024020dffeee3c0a52357b923b9451ad1418c7f27d1bb0094addf2475fa2ded1adfeceef8d8c47f35a61563e8e7cbbb75b2e81
SSDEEP

49152:HOZTiStnkM6YAvLsiD0YL+eMDPv2ferN/0WtKEywFAkV4b:HOdFtkPYAvLsi2eQ3KerZpkEyw6kV4b

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
\Windows\SysWOW64\config\systemprofile\Application Data\Microsoft\Internet Explorer\errodata\dll_XL.dll	aspack_v212_v242

Executes dropped EXE 1 IoCs

Processes:

MyKeyBoard.exe

pid process

1992 MyKeyBoard.exe

pid	process
1992	MyKeyBoard.exe

Loads dropped DLL 4 IoCs

Processes:

b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exeMyKeyBoard.exe

pid	process
880	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe
880	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe
880	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe
1992	MyKeyBoard.exe

Drops file in System32 directory 8 IoCs

Processes:

b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe

description	ioc	process
File created	C:\WINDOWS\SysWOW64\config\systemprofile\Application Data\Microsoft\Internet Explorer\msdata\msswch.dll	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe
File created	C:\WINDOWS\SysWOW64\config\systemprofile\Application Data\Microsoft\Internet Explorer\msdata\MyKeyBoard.exe	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe
File opened for modification	C:\WINDOWS\SysWOW64\config\systemprofile\Application Data\Microsoft\Internet Explorer\msdata\msswch.dll	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe
File opened for modification	C:\WINDOWS\SysWOW64\config\systemprofile\Application Data\Microsoft\Internet Explorer\msdata\MyKeyBoard.exe	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe
File opened for modification	C:\WINDOWS\SysWOW64\config\systemprofile\Application Data\Microsoft\Internet Explorer\errodata\	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe
File created	C:\WINDOWS\SysWOW64\config\systemprofile\Application Data\Microsoft\Internet Explorer\errodata\dll_XL.dll	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe
File opened for modification	C:\WINDOWS\SysWOW64\config\systemprofile\Application Data\Microsoft\Internet Explorer\errodata\dll_XL.dll	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe
File opened for modification	C:\WINDOWS\SysWOW64\config\systemprofile\Application Data\Microsoft\Internet Explorer\msdata\	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe

pid	process
880	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe
880	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe
880	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe
880	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe
880	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe
880	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe
880	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe
880	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe
880	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MyKeyBoard.exe

pid process

1992 MyKeyBoard.exe

pid	process
1992	MyKeyBoard.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe

description	pid	process	target process
PID 880 wrote to memory of 1992	880	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe	MyKeyBoard.exe
PID 880 wrote to memory of 1992	880	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe	MyKeyBoard.exe
PID 880 wrote to memory of 1992	880	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe	MyKeyBoard.exe
PID 880 wrote to memory of 1992	880	b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe	MyKeyBoard.exe

C:\Users\Admin\AppData\Local\Temp\b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe
"C:\Users\Admin\AppData\Local\Temp\b8b51255077910d3cced704059c95b9203f669a4bba8f862db6568d06b01d2c8.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:880

C:\WINDOWS\SysWOW64\config\systemprofile\Application Data\Microsoft\Internet Explorer\msdata\MyKeyBoard.exe
"C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\msdata\MyKeyBoard.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1992

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\WINDOWS\SysWOW64\config\systemprofile\Application Data\Microsoft\Internet Explorer\msdata\MSSWCH.dll
Filesize
12KB

MD5
04783e869e0afbef0fb23eb872d03d9d

SHA1
6e7727604a6f2ccb0cc0cfd7a9b85e11d97e8cac

SHA256
5e199962d5c8f2bdcd08eed26a593f73f7c7bc9f6991683c8868853e79309964

SHA512
ea0da06597887f27ce00aeefb0beecf1fd2a2e3b1a36de34369252f7f90b475e96b14350f3ba1e8c2e6a1c070d48230188a296a91c96f1645af002140ad129e9

Download Submit
C:\Windows\SysWOW64\config\systemprofile\Application Data\Microsoft\Internet Explorer\msdata\MyKeyBoard.exe
Filesize
207KB

MD5
bd993ae3d7140c2cf6abc06932478040

SHA1
65bb1a80d7c3603ab35d21882bb3fc6ed201ed2e

SHA256
ce2f8706716f7a35b2a01953331571ba5526a8db42aa9971a24ae0506281b6df

SHA512
f348947a715fd9ddd4eb3881f433ae487002b71d204d9b185d3cbef440915fca0544bbc0ad6040254077b6f26d273ebe84befba88ae83ea4ea14fb67a9d69bc3

Download Submit
\Windows\SysWOW64\config\systemprofile\Application Data\Microsoft\Internet Explorer\errodata\dll_XL.dll
Filesize
292KB

MD5
1b858c9e3b844aa4da227d9b7bef508a

SHA1
d256304bdcaf98ac9c83201382e87d88ac2f7a12

SHA256
56a66b3d2ee9a4c67ef5d8c3629a2d2256a5826f5f2f3222e1e38959d180180f

SHA512
b4c766871fd5653147ad5849efb9f8ee3e4344690441686fa40c3ad1fa836fedab9de21b64f6139ce0c48ae7f8fe6095a7f28ef2412a80a7ce65650576698119

Download Submit
\Windows\SysWOW64\config\systemprofile\Application Data\Microsoft\Internet Explorer\msdata\MyKeyBoard.exe
Filesize
207KB

MD5
bd993ae3d7140c2cf6abc06932478040

SHA1
65bb1a80d7c3603ab35d21882bb3fc6ed201ed2e

SHA256
ce2f8706716f7a35b2a01953331571ba5526a8db42aa9971a24ae0506281b6df

SHA512
f348947a715fd9ddd4eb3881f433ae487002b71d204d9b185d3cbef440915fca0544bbc0ad6040254077b6f26d273ebe84befba88ae83ea4ea14fb67a9d69bc3

Download Submit
\Windows\SysWOW64\config\systemprofile\Application Data\Microsoft\Internet Explorer\msdata\MyKeyBoard.exe
Filesize
207KB

MD5
bd993ae3d7140c2cf6abc06932478040

SHA1
65bb1a80d7c3603ab35d21882bb3fc6ed201ed2e

SHA256
ce2f8706716f7a35b2a01953331571ba5526a8db42aa9971a24ae0506281b6df

SHA512
f348947a715fd9ddd4eb3881f433ae487002b71d204d9b185d3cbef440915fca0544bbc0ad6040254077b6f26d273ebe84befba88ae83ea4ea14fb67a9d69bc3

Download Submit
\Windows\SysWOW64\config\systemprofile\Application Data\Microsoft\Internet Explorer\msdata\msswch.dll
Filesize
12KB

MD5
04783e869e0afbef0fb23eb872d03d9d

SHA1
6e7727604a6f2ccb0cc0cfd7a9b85e11d97e8cac

SHA256
5e199962d5c8f2bdcd08eed26a593f73f7c7bc9f6991683c8868853e79309964

SHA512
ea0da06597887f27ce00aeefb0beecf1fd2a2e3b1a36de34369252f7f90b475e96b14350f3ba1e8c2e6a1c070d48230188a296a91c96f1645af002140ad129e9

Download Submit
memory/880-62-0x0000000003490000-0x000000000355E000-memory.dmp

Filesize
824KB

Download
memory/880-61-0x0000000003490000-0x000000000355E000-memory.dmp

Filesize
824KB

Download
memory/880-54-0x0000000076871000-0x0000000076873000-memory.dmp

Filesize
8KB

Download
memory/880-63-0x0000000003490000-0x000000000355E000-memory.dmp

Filesize
824KB

Download
memory/880-59-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/880-58-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/880-56-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/880-57-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/880-55-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/880-71-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/880-72-0x0000000003490000-0x000000000355E000-memory.dmp

Filesize
824KB

Download
memory/1992-66-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads