Analysis
- max time kernel: 148s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20230221-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21-03-2023 19:24
Static task: static1
Behavioral task: behavioral1
- Sample: tmp.exe
- Resource: win7-20230220-en (windows7-x64)
- 3 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: tmp.exe
- Resource: win10v2004-20230221-en (windows10-2004-x64)
- 1 signature
- 150 seconds
General
- Target: tmp.exe
- Size: 1.6MB
- MD5: bb638f1ff8cb13e6d3f103ce356ca334
- SHA1: 71c1952158eb43d9b21cf018ef65a99b01682a74
- SHA256: edc44a84ce28569564d054b7cd9326d9b839ecd84bd3a3f2f71d1507a67c7c12
- SHA512: 7b938ac125e656a92946cb5bdf12828e4405e3b49a893532cefa2e6899d75afe8ccc68c57d977d24a0083b130c8ff0d6102754918e599b74e960d0b0330fae3b
- SSDEEP: 49152:SIiHsAJScXAJvVqnAgGTveta7OPggaV/KjiVOSYu9dQvqh:FnAJScqqnAgGTga7O/aV/KjiLh3Qvqh
Score: 10/10
Malware Config
Extracted
Credentials
- Protocol: ftp
- Host: 45.151.135.235
- Port: 21
- Username: 123
- Password: 123
Signatures
- Suspicious use of SetWindowsHookEx (1 IoC)
  Processes: pid 2004, process tmp.exe
Downloads