Analysis
max time kernel: 31s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 20-03-2023 07:21
Behavioral task: behavioral1
Sample: 311d7cac28e7d0560698a1b4f825226a4b6993bf7f096517c90339c3196c0bb2.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 311d7cac28e7d0560698a1b4f825226a4b6993bf7f096517c90339c3196c0bb2.exe
Resource: win10v2004-20230220-en
General
Target: 311d7cac28e7d0560698a1b4f825226a4b6993bf7f096517c90339c3196c0bb2.exe
Size: 798KB
MD5: c86aae6b1ca1cb96cbd840434cd62c3f
SHA1: 907f5e4c7f617ca9786d882f2dae7052f7e25dda
SHA256: 311d7cac28e7d0560698a1b4f825226a4b6993bf7f096517c90339c3196c0bb2
SHA512: 7e111330e6cec8e137c4f47bab179792a1106ca716db02449dd0084174c1c10777f16a51b96f4743842170b645fb95c978f40ca4b20c34003f9954b799b4e4f6
SSDEEP: 24576:f9lGXzwZ6yoQLCw84iQgRE/ofTlvA/Qc5buY5Zy8sgi:1gUV9ri6/MS/QwykR
Malware Config
Signatures
-
Processes:
resource yara_rule
behavioral1/memory/1204-54-0x0000000010000000-0x000000001001E000-memory.dmp upx
behavioral1/memory/1204-55-0x0000000000240000-0x000000000024B000-memory.dmp upx
behavioral1/memory/1204-57-0x0000000010000000-0x000000001001E000-memory.dmp upx
behavioral1/memory/1204-58-0x0000000000240000-0x000000000024B000-memory.dmp upx
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
311d7cac28e7d0560698a1b4f825226a4b6993bf7f096517c90339c3196c0bb2.exe
pid process
1204 311d7cac28e7d0560698a1b4f825226a4b6993bf7f096517c90339c3196c0bb2.exe
1204 311d7cac28e7d0560698a1b4f825226a4b6993bf7f096517c90339c3196c0bb2.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1204-54-0x0000000010000000-0x000000001001E000-memory.dmp (Filesize: 120KB)
memory/1204-55-0x0000000000240000-0x000000000024B000-memory.dmp (Filesize: 44KB)
memory/1204-56-0x0000000000400000-0x00000000005EC000-memory.dmp (Filesize: 1.9MB)
memory/1204-57-0x0000000010000000-0x000000001001E000-memory.dmp (Filesize: 120KB)
memory/1204-58-0x0000000000240000-0x000000000024B000-memory.dmp (Filesize: 44KB)
memory/1204-59-0x0000000000400000-0x00000000005EC000-memory.dmp (Filesize: 1.9MB)