8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2

Analysis

max time kernel
142s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
29-05-2023 10:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe
Size

5.7MB
MD5

6372b50eee2e86ba070912f0a0e739b9
SHA1

3e38fc9ba46a25ec4a23711763e20b0de97a6baf
SHA256

8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2
SHA512

6e768494f28f256ccce9e59e7a3cd91c8c79913ad453ffc4692387db5389620b2006f44540ebbfe61c8f7cbdf56b6cbc2ecf3402a96cdf1b8e62eb69903def79
SSDEEP

98304:R/jFvc+sQMiRM/pP9KoEAWWH2e3MupyXb8PQg0XLo5oCt:xj9cnpJfKoEAWa2Qp68kL8t

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\yytmp\yyws1.tmp	8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe
File opened for modification	C:\Windows\SysWOW64\yytmp\ÓÑÒæÎÄÊé.exe	8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe
File created	C:\Windows\SysWOW64\yytmp\yadverser.tmp	8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe
File created	C:\Windows\SysWOW64\yytmp\yywsmu1.tmp	8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe
File created	C:\Windows\SysWOW64\yytmp\yywslk1.tmp	8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe
File created	C:\Windows\SysWOW64\yytmp\yywssx1.tmp	8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe
File opened for modification	C:\Windows\SysWOW64\yytmp\yywsmu1.tmp	8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe
File opened for modification	C:\Windows\SysWOW64\yytmp\yyws1.tmp	8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe
File opened for modification	C:\Windows\SysWOW64\yytmp\yywslk1.tmp	8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe
File opened for modification	C:\Windows\SysWOW64\yytmp\yywssx1.tmp	8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe
File created	C:\Windows\SysWOW64\yytmp\ÓÑÒæÎÄÊé.exe	8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe
File created	C:\Windows\SysWOW64\yytmp\ywsfiletmp.tmp	8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe

Modifies registry class 3 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Word.Document.8\EditFlags = "65536"	8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Excel.Sheet.8\EditFlags = "65536"	8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\PowerPoint.Show.8\EditFlags = "65536"	8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2024	8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2024	8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe
2024	8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe

C:\Users\Admin\AppData\Local\Temp\8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe
"C:\Users\Admin\AppData\Local\Temp\8743d3a95345610cfbee0d15c5e75c37931e5df8ddb86dee3d58ba85be0be4c2.exe"
1⤵
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2024-66-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/2024-67-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2024-68-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/2024-69-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2024-71-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads