be0998bdd1740994e485670ed39121b551f7f5eef3d19bc1d49b93e2c4a2c380

Analysis

max time kernel
15s
max time network
11s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25/04/2023, 18:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

stub.exe
Size

3.6MB
MD5

1ed605b24e884fab8603f62406bcab0d
SHA1

7d48e5349646326e89901052ca3e354f6607a8b8
SHA256

be0998bdd1740994e485670ed39121b551f7f5eef3d19bc1d49b93e2c4a2c380
SHA512

1359561a293874784e4d21d5b28298297f124d976a1625b9275a7c5092696e20716945c7845074d622cfb1755f60da456fa04532fd0a79557f615e46931773e3
SSDEEP

98304:P7f1Fj0rOpJWMcm5Vu/PLVzA2tqnuDgCB8Y45Mx:j1Fj0rOp4Mcm5k/DBA2Mwgg8Y7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1960	calc.exe
2216	XLBugReport.exe

Loads dropped DLL 4 IoCs

pid	Process
2216	XLBugReport.exe
2216	XLBugReport.exe
2216	XLBugReport.exe
2216	XLBugReport.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2292	OpenWith.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3340 wrote to memory of 180	3340	stub.exe	88
PID 3340 wrote to memory of 180	3340	stub.exe	88
PID 3340 wrote to memory of 532	3340	stub.exe	87
PID 3340 wrote to memory of 532	3340	stub.exe	87
PID 532 wrote to memory of 1960	532	cmd.exe	90
PID 532 wrote to memory of 1960	532	cmd.exe	90
PID 180 wrote to memory of 2216	180	cmd.exe	89
PID 180 wrote to memory of 2216	180	cmd.exe	89
PID 180 wrote to memory of 2216	180	cmd.exe	89

C:\Users\Admin\AppData\Local\Temp\stub.exe
"C:\Users\Admin\AppData\Local\Temp\stub.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3340
- C:\Windows\system32\cmd.exe
  "cmd" /C C:\Users\Admin\AppData\Local\Temp\calc.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:532
- - C:\Users\Admin\AppData\Local\Temp\calc.exe
    C:\Users\Admin\AppData\Local\Temp\calc.exe
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    PID:1960
- C:\Windows\system32\cmd.exe
  "cmd" /C C:\Users\Admin\AppData\Local\Temp\\XLBugReport.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:180
- - C:\Users\Admin\AppData\Local\Temp\XLBugReport.exe
    C:\Users\Admin\AppData\Local\Temp\\XLBugReport.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2216

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\LIBEAY32.dll

Filesize
1.4MB

MD5
ff5c63efbba91a0eec9fc645da655b4c

SHA1
d225ceff3601b57add69df7d854b2348a8980255

SHA256
e1fbb97ff3607d569d584f78ce77a9dd2cf64dca05aebdbf3e55c9711e07b3be

SHA512
96b963823d7a28e4d4ecd703aa26ad3d3e1d4086e09a4cc08ca88c30c9b8ceb42b7daf184e33b9175f87a566e78028cca3e6ab90ed6537598677f27b15eefce5

Download Submit
C:\Users\Admin\AppData\Local\Temp\XLBugReport.exe

Filesize
870KB

MD5
f9b01a5310ebc0759222c659f7fa0720

SHA1
7046f66d0210887613b39ba6426f955e1e83abfe

SHA256
2368b4c67c898ba8b4b2ff27fd2434a2c5e8cc34a8139f099512e1d607147b88

SHA512
287663c86c95ebcf2d45164f83e69506edd0ccfc9f16481caa549c2a0553cc4457f082881464c57597420778f1656ec7f5d66f863db2e390048800b8f40a179c

Download Submit
C:\Users\Admin\AppData\Local\Temp\calc.exe

Filesize
27KB

MD5
5da8c98136d98dfec4716edd79c7145f

SHA1
ed13af4a0a754b8daee4929134d2ff15ebe053cd

SHA256
58189cbd4e6dc0c7d8e66b6a6f75652fc9f4afc7ce0eba7d67d8c3feb0d5381f

SHA512
6e2b067760ec178cdcc4df04c541ce6940fc2a0cdd36f57f4d6332e38119dbc5e24eb67c11d2c8c8ffeed43533c2dd8b642d2c7c997c392928091b5ccce7582a

Download Submit
C:\Users\Admin\AppData\Local\Temp\libcurl.dll

Filesize
652KB

MD5
e7126acb413094fffd41aa4d1560b04e

SHA1
07d0f09199f45e2a5a262b60b0fc71f8798946e6

SHA256
ce18cc1b086ab54ecba8155d351c30928d0f335954b9858a90a3e94a31db167d

SHA512
62af143a42ae492bfc54ca9602bbb422daf8c51994d25cdce69f1a053c20888aab078cbe2e7d9b1aa4b61cdc806235477872182a63bb98547ec9b171ff022271

Download Submit
C:\Users\Admin\AppData\Local\Temp\libcurl.dll

Filesize
652KB

MD5
e7126acb413094fffd41aa4d1560b04e

SHA1
07d0f09199f45e2a5a262b60b0fc71f8798946e6

SHA256
ce18cc1b086ab54ecba8155d351c30928d0f335954b9858a90a3e94a31db167d

SHA512
62af143a42ae492bfc54ca9602bbb422daf8c51994d25cdce69f1a053c20888aab078cbe2e7d9b1aa4b61cdc806235477872182a63bb98547ec9b171ff022271

Download Submit
C:\Users\Admin\AppData\Local\Temp\libeay32.dll

Filesize
1.4MB

MD5
ff5c63efbba91a0eec9fc645da655b4c

SHA1
d225ceff3601b57add69df7d854b2348a8980255

SHA256
e1fbb97ff3607d569d584f78ce77a9dd2cf64dca05aebdbf3e55c9711e07b3be

SHA512
96b963823d7a28e4d4ecd703aa26ad3d3e1d4086e09a4cc08ca88c30c9b8ceb42b7daf184e33b9175f87a566e78028cca3e6ab90ed6537598677f27b15eefce5

Download Submit
C:\Users\Admin\AppData\Local\Temp\minizip.dll

Filesize
21KB

MD5
7cd19c766113bf3ddc4d4333d6685323

SHA1
15b9f937b74458f65a65de6e9e78c63973650762

SHA256
e2dddf81b567bf7ea8ef6babda5863edc83d1b65d02b28539a389a584f511d11

SHA512
3cddd9000aa52fc338720820c37191552eeb5acc6a42885eefcdc2c303ca01577a43975753b44c3dbb2938eef9e9ef87df77781caecdb4c3f05a26e003ccbd05

Download Submit
C:\Users\Admin\AppData\Local\Temp\minizip.dll

Filesize
21KB

MD5
7cd19c766113bf3ddc4d4333d6685323

SHA1
15b9f937b74458f65a65de6e9e78c63973650762

SHA256
e2dddf81b567bf7ea8ef6babda5863edc83d1b65d02b28539a389a584f511d11

SHA512
3cddd9000aa52fc338720820c37191552eeb5acc6a42885eefcdc2c303ca01577a43975753b44c3dbb2938eef9e9ef87df77781caecdb4c3f05a26e003ccbd05

Download Submit
C:\Users\Admin\AppData\Local\Temp\zlib1.dll

Filesize
93KB

MD5
a201afed6a8fceaedfdd56e9a11be64f

SHA1
16fecd4909ce208985f536ec55faec154169d9ad

SHA256
5675497599632aabe6608cfad47ff42533b8b3d395700b6d17c07a0d7d8ffdf8

SHA512
7da3b3b3590f1ae612a7957023470d0047c52c583edf27254d24d13a4c8c4d114d7657ffdf473043fc672851cea1eea57cc407729df046f94200867caeced396

Download Submit
C:\Users\Admin\AppData\Local\Temp\zlib1.dll

Filesize
93KB

MD5
a201afed6a8fceaedfdd56e9a11be64f

SHA1
16fecd4909ce208985f536ec55faec154169d9ad

SHA256
5675497599632aabe6608cfad47ff42533b8b3d395700b6d17c07a0d7d8ffdf8

SHA512
7da3b3b3590f1ae612a7957023470d0047c52c583edf27254d24d13a4c8c4d114d7657ffdf473043fc672851cea1eea57cc407729df046f94200867caeced396

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads