Analysis
-
max time kernel
148s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
-
submitted
21-03-2023 19:24
General
-
Target
tmp.exe
-
Size
1.6MB
-
MD5
bb638f1ff8cb13e6d3f103ce356ca334
-
SHA1
71c1952158eb43d9b21cf018ef65a99b01682a74
-
SHA256
edc44a84ce28569564d054b7cd9326d9b839ecd84bd3a3f2f71d1507a67c7c12
-
SHA512
7b938ac125e656a92946cb5bdf12828e4405e3b49a893532cefa2e6899d75afe8ccc68c57d977d24a0083b130c8ff0d6102754918e599b74e960d0b0330fae3b
-
SSDEEP
49152:SIiHsAJScXAJvVqnAgGTveta7OPggaV/KjiVOSYu9dQvqh:FnAJScqqnAgGTga7O/aV/KjiLh3Qvqh
Score
10/10
Malware Config
Extracted
Credentials
Protocol: ftp- Host:
45.151.135.235 - Port:
21 - Username:
123 - Password:
123
Signatures
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\tmp.exe"C:\Users\Admin\AppData\Local\Temp\tmp.exe"1⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2004-135-0x00000000065F0000-0x0000000006600000-memory.dmpFilesize
64KB
-
memory/2004-136-0x00000000065F0000-0x0000000006600000-memory.dmpFilesize
64KB
-
memory/2004-138-0x00000000065F0000-0x0000000006600000-memory.dmpFilesize
64KB
-
memory/2004-137-0x00000000065F0000-0x0000000006600000-memory.dmpFilesize
64KB
-
memory/2004-140-0x00000000065F0000-0x0000000006600000-memory.dmpFilesize
64KB
-
memory/2004-141-0x00000000065F0000-0x0000000006600000-memory.dmpFilesize
64KB
-
memory/2004-142-0x00000000065F0000-0x0000000006600000-memory.dmpFilesize
64KB
-
memory/2004-143-0x00000000065F0000-0x0000000006600000-memory.dmpFilesize
64KB