Analysis
- max time kernel: 29s
- max time network: 32s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 22-02-2023 21:51
Behavioral task: behavioral1
- Sample: 308f14a3d3f7c573d5309f862c89965ac1f9f44a765504ae3b87dab0e7de905b.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 308f14a3d3f7c573d5309f862c89965ac1f9f44a765504ae3b87dab0e7de905b.exe
- Resource: win10v2004-20230220-en
General
- Target: 308f14a3d3f7c573d5309f862c89965ac1f9f44a765504ae3b87dab0e7de905b.exe
- Size: 4.7MB
- MD5: 6bf1ce778323c32edbcde15544cf171a
- SHA1: c2b2e7c6be23bdd3a2df6cf7726f8b59077593cf
- SHA256: 308f14a3d3f7c573d5309f862c89965ac1f9f44a765504ae3b87dab0e7de905b
- SHA512: 794d33f07117a80452043175bda78f952f83f514d2f651a95569ae688eb941a0f7fe0b71d7b6e9e656fc236c4fd03845a301a30eefd69e67718ac49d5638c56e
- SSDEEP: 98304:zE8VnrJjoxNasNNW0dNbJlImZ8xWpKo+2fRivUFPYCPyU//Vb4ggeRK6nu:zp6zzNNFTYmZVRfRqUxvHJ4IRK6u
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  Processes: PID 1276 YShow3D.exe
- Loads dropped DLL (2 IoCs)
  Processes: PID 1208 308f14a3d3f7c573d5309f862c89965ac1f9f44a765504ae3b87dab0e7de905b.exe; PID 1208 308f14a3d3f7c573d5309f862c89965ac1f9f44a765504ae3b87dab0e7de905b.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  Processes: PID 1276 YShow3D.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes (description, pid, process, target process):
  - PID 1208 (308f14a3d3f7c573d5309f862c89965ac1f9f44a765504ae3b87dab0e7de905b.exe) wrote to memory of PID 1276 (YShow3D.exe)
  - PID 1208 (308f14a3d3f7c573d5309f862c89965ac1f9f44a765504ae3b87dab0e7de905b.exe) wrote to memory of PID 1276 (YShow3D.exe)
  - PID 1208 (308f14a3d3f7c573d5309f862c89965ac1f9f44a765504ae3b87dab0e7de905b.exe) wrote to memory of PID 1276 (YShow3D.exe)
  - PID 1208 (308f14a3d3f7c573d5309f862c89965ac1f9f44a765504ae3b87dab0e7de905b.exe) wrote to memory of PID 1276 (YShow3D.exe)
Processes
- C:\Users\Admin\AppData\Local\Temp\308f14a3d3f7c573d5309f862c89965ac1f9f44a765504ae3b87dab0e7de905b.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\308f14a3d3f7c573d5309f862c89965ac1f9f44a765504ae3b87dab0e7de905b.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\YShow3D.exe (child process)
    Command line: C:\Users\Admin\AppData\Local\Temp\\YShow3D.exe /i NO KEY! /t ÐÅÏ¢ /k 16
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\YShow3D.exe
  Filesize: 60KB
  MD5: 8c767201eac8642babc8ef3affbaccc6
  SHA1: 3ae19cb1057978f4ca365d2ac2cd27caa4aef6cb
  SHA256: c18b7bc873eeb7c837e1ad213a1d3bec55f24f61838417fbb497fd66ea8147a8
  SHA512: 0b311cbc763bd9bdfa91cfa397e290b643b98282d4a81afcb1597a8fdab9b4d5831fb1a22af40989209ed38ffc1bfc655f8b98e50b2fca7bd112964ea703d888
- \Users\Admin\AppData\Local\Temp\YShow3D.exe
  Filesize: 60KB
  MD5: 8c767201eac8642babc8ef3affbaccc6
  SHA1: 3ae19cb1057978f4ca365d2ac2cd27caa4aef6cb
  SHA256: c18b7bc873eeb7c837e1ad213a1d3bec55f24f61838417fbb497fd66ea8147a8
  SHA512: 0b311cbc763bd9bdfa91cfa397e290b643b98282d4a81afcb1597a8fdab9b4d5831fb1a22af40989209ed38ffc1bfc655f8b98e50b2fca7bd112964ea703d888
- memory/1208-62-0x0000000000400000-0x0000000001630000-memory.dmp
  Filesize: 18.2MB
- memory/1208-63-0x0000000000380000-0x00000000003E0000-memory.dmp
  Filesize: 384KB