Overview

overview

7

Static

static

7

95ca7ff24c...67.exe

windows7-x64

7

95ca7ff24c...67.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    27s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    01-03-2023 04:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    95ca7ff24c657168360e61c48943307a77831b1a35e2946947e1ca678bc1ba67.exe

  • Size

    5.1MB

  • MD5

    467f80e4842358e7cb53e9c547fbe139

  • SHA1

    44b8d1c267756809085be8595573ea27d9089c92

  • SHA256

    95ca7ff24c657168360e61c48943307a77831b1a35e2946947e1ca678bc1ba67

  • SHA512

    6dfbcc116998abf2553d798a833d26346bc7a9c35b6002d6484903b57be528ecad482c600ca19d8314dfaeeb3559c6d3b021f4810b00af9e2753b24f93222d88

  • SSDEEP

    98304:MvZtI7HoRF+3InQ7YrZ0BcMiwnesPNjEuEIEHQa:gg7YQ7gOcdYj

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\95ca7ff24c657168360e61c48943307a77831b1a35e2946947e1ca678bc1ba67.exe
    "C:\Users\Admin\AppData\Local\Temp\95ca7ff24c657168360e61c48943307a77831b1a35e2946947e1ca678bc1ba67.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1948
    • C:\Users\Admin\AppData\Local\Temp\YShow3D.exe
      C:\Users\Admin\AppData\Local\Temp\\YShow3D.exe /i Á¬½Óʧ°Ü£¬Ã»ÓÐÕÒµ½·þÎñÆ÷¼ÓÃܹ·£¡ /t ÌáʾÐÅÏ¢£º /k 16
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\YShow3D.exe
    Filesize

    60KB

    MD5

    c35d485156928ccc9561d056e1e146ee

    SHA1

    7901dd46d231a741e65d105c22e7f289fc35169a

    SHA256

    0d9d9a9165bc551263f83309fee109b6da5ab1977ab0941166c934f96965b5b9

    SHA512

    dcf3c60e3cd64a8023dc219a919c5ff430920ac85dca80802adb4b91d4cafe98b39c207d0e394a2535aa9f4c194e0f3ff1a4fd8b7a69e0c3c51b15fb0d796175

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\YShow3D.exe
    Filesize

    60KB

    MD5

    c35d485156928ccc9561d056e1e146ee

    SHA1

    7901dd46d231a741e65d105c22e7f289fc35169a

    SHA256

    0d9d9a9165bc551263f83309fee109b6da5ab1977ab0941166c934f96965b5b9

    SHA512

    dcf3c60e3cd64a8023dc219a919c5ff430920ac85dca80802adb4b91d4cafe98b39c207d0e394a2535aa9f4c194e0f3ff1a4fd8b7a69e0c3c51b15fb0d796175

    Download Submit
  • \Users\Admin\AppData\Local\Temp\YShow3D.exe
    Filesize

    60KB

    MD5

    c35d485156928ccc9561d056e1e146ee

    SHA1

    7901dd46d231a741e65d105c22e7f289fc35169a

    SHA256

    0d9d9a9165bc551263f83309fee109b6da5ab1977ab0941166c934f96965b5b9

    SHA512

    dcf3c60e3cd64a8023dc219a919c5ff430920ac85dca80802adb4b91d4cafe98b39c207d0e394a2535aa9f4c194e0f3ff1a4fd8b7a69e0c3c51b15fb0d796175

    Download Submit
  • \Users\Admin\AppData\Local\Temp\YShow3D.exe
    Filesize

    60KB

    MD5

    c35d485156928ccc9561d056e1e146ee

    SHA1

    7901dd46d231a741e65d105c22e7f289fc35169a

    SHA256

    0d9d9a9165bc551263f83309fee109b6da5ab1977ab0941166c934f96965b5b9

    SHA512

    dcf3c60e3cd64a8023dc219a919c5ff430920ac85dca80802adb4b91d4cafe98b39c207d0e394a2535aa9f4c194e0f3ff1a4fd8b7a69e0c3c51b15fb0d796175

    Download Submit
  • memory/1948-62-0x0000000000400000-0x0000000000972000-memory.dmp
    Filesize

    5.4MB

    Download
  • memory/1948-63-0x0000000000320000-0x000000000037A000-memory.dmp
    Filesize

    360KB

    Download