Overview

overview

7

Static

static

7

308f14a3d3...5b.exe

windows7-x64

7

308f14a3d3...5b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-02-2023 21:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    308f14a3d3f7c573d5309f862c89965ac1f9f44a765504ae3b87dab0e7de905b.exe

  • Size

    4.7MB

  • MD5

    6bf1ce778323c32edbcde15544cf171a

  • SHA1

    c2b2e7c6be23bdd3a2df6cf7726f8b59077593cf

  • SHA256

    308f14a3d3f7c573d5309f862c89965ac1f9f44a765504ae3b87dab0e7de905b

  • SHA512

    794d33f07117a80452043175bda78f952f83f514d2f651a95569ae688eb941a0f7fe0b71d7b6e9e656fc236c4fd03845a301a30eefd69e67718ac49d5638c56e

  • SSDEEP

    98304:zE8VnrJjoxNasNNW0dNbJlImZ8xWpKo+2fRivUFPYCPyU//Vb4ggeRK6nu:zp6zzNNFTYmZVRfRqUxvHJ4IRK6u

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\308f14a3d3f7c573d5309f862c89965ac1f9f44a765504ae3b87dab0e7de905b.exe
    "C:\Users\Admin\AppData\Local\Temp\308f14a3d3f7c573d5309f862c89965ac1f9f44a765504ae3b87dab0e7de905b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4080
    • C:\Users\Admin\AppData\Local\Temp\YShow3D.exe
      C:\Users\Admin\AppData\Local\Temp\\YShow3D.exe /i NO KEY! /t ÐÅÏ¢ /k 16
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\YShow3D.exe
    Filesize

    60KB

    MD5

    8c767201eac8642babc8ef3affbaccc6

    SHA1

    3ae19cb1057978f4ca365d2ac2cd27caa4aef6cb

    SHA256

    c18b7bc873eeb7c837e1ad213a1d3bec55f24f61838417fbb497fd66ea8147a8

    SHA512

    0b311cbc763bd9bdfa91cfa397e290b643b98282d4a81afcb1597a8fdab9b4d5831fb1a22af40989209ed38ffc1bfc655f8b98e50b2fca7bd112964ea703d888

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\YShow3D.exe
    Filesize

    60KB

    MD5

    8c767201eac8642babc8ef3affbaccc6

    SHA1

    3ae19cb1057978f4ca365d2ac2cd27caa4aef6cb

    SHA256

    c18b7bc873eeb7c837e1ad213a1d3bec55f24f61838417fbb497fd66ea8147a8

    SHA512

    0b311cbc763bd9bdfa91cfa397e290b643b98282d4a81afcb1597a8fdab9b4d5831fb1a22af40989209ed38ffc1bfc655f8b98e50b2fca7bd112964ea703d888

    Download Submit
  • memory/4080-133-0x0000000000400000-0x0000000001630000-memory.dmp
    Filesize

    18.2MB

    Download
  • memory/4080-138-0x0000000001B00000-0x0000000001B60000-memory.dmp
    Filesize

    384KB

    Download
  • memory/4080-139-0x0000000000400000-0x0000000001630000-memory.dmp
    Filesize

    18.2MB

    Download