Overview

overview

10

Static

static

10

tmp.exe

windows7-x64

7

tmp.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    105s
  • max time network
    115s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/03/2023, 09:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    1.1MB

  • MD5

    e39c25789ab24d180fa917c9007bc924

  • SHA1

    bf92a766f20049be5e50368f58f3805fd82905a0

  • SHA256

    644ac642378569039c33224394ac8f3be5c3c09b1fb746ab25142f568b156f69

  • SHA512

    d24ad688ad48cc6d26d6dd30f207c5e750d45097517efccbc831ec4d268c0179844bec640ee0f9e2b352b6879d493c92723908aa30b2176215ff43d0564a2c94

  • SSDEEP

    24576:UojFgm74ZoxJ/kJOXJL+5ozolSHtn2mKgSNe5FOphi0joI19H:Ust/kJosS0mK9WOzi0v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 34 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1780
    • C:\Windows\Help\240571968.V8d
      C:\Windows\Help\240571968.V8d 532A4C47797E747F67634C58757C604C2224202527212926283E2325645052235451255229242723555256512455522651562129232823292121245654553E6A7960506C24273E29263E2121223E2224226C
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4360

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\Help\240571968.V8d
          Filesize

          904KB

          MD5

          ac2bde311bf7fb9e602a8c9cf8362161

          SHA1

          2ca61fb116069fe72ce2a743f849ca54621af775

          SHA256

          d36d500b490a07cc00b44e1f5407238dc11f8df3476db47f8c7f3b339f425a94

          SHA512

          fc63c6f86da1f1acc6fd13c8e6a2b523f0237b33ecdd2a169c93d7a306e1df6b0915bf5825b46cd7d5b2ce33b15f7789273b90fed1cde0f3a2b543b03e0b4fcc

          Download Submit

        • C:\Windows\Help\240571968.V8d
          Filesize

          904KB

          MD5

          ac2bde311bf7fb9e602a8c9cf8362161

          SHA1

          2ca61fb116069fe72ce2a743f849ca54621af775

          SHA256

          d36d500b490a07cc00b44e1f5407238dc11f8df3476db47f8c7f3b339f425a94

          SHA512

          fc63c6f86da1f1acc6fd13c8e6a2b523f0237b33ecdd2a169c93d7a306e1df6b0915bf5825b46cd7d5b2ce33b15f7789273b90fed1cde0f3a2b543b03e0b4fcc

          Download Submit