Overview

overview

7

Static

static

7

e717bea129...d1.exe

windows7-x64

5

e717bea129...d1.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    105s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-05-2023 05:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e717bea129d5b3b17b1d7b59cb31782f2561e7c560e190003dce7c62ef44f8d1.exe

  • Size

    2.2MB

  • MD5

    2032bc30b58069c446007e2f8d91c75b

  • SHA1

    beab01a5544464bb50f326d80fe450910b897d62

  • SHA256

    e717bea129d5b3b17b1d7b59cb31782f2561e7c560e190003dce7c62ef44f8d1

  • SHA512

    2989ac76eec170becd44776b555d701a0c48f985b9568ead52aeda188bc2e0d3a183ea7824d795951c10aead721210b71285eb2df6c77a638908c1ebbeae411d

  • SSDEEP

    49152:GosN5uxEXiemlxN/jh8APpMvO7qM7D1MuGssjK3gyo4Bbir8OlgwSml:GosNYKX9Uxxh8kkCunL23foYzHml

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e717bea129d5b3b17b1d7b59cb31782f2561e7c560e190003dce7c62ef44f8d1.exe
    "C:\Users\Admin\AppData\Local\Temp\e717bea129d5b3b17b1d7b59cb31782f2561e7c560e190003dce7c62ef44f8d1.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4252
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c echo t>C:\Windows\system32\administratortestpermissions10041
      2⤵
      • Drops file in System32 directory
      PID:3384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \??\c:\windows\SysWOW64\administratortestpermissions10041
    Filesize

    3B

    MD5

    5696feb53a6ad364e3da313d7bb865c2

    SHA1

    43ac804404d56225c9e0e44018b43c0e46b4be53

    SHA256

    9e8b03ea3b48312f8e3a15bec7aa85c96a362e2776ac6bc3dfd74a40022bcc8a

    SHA512

    e4771bcec6bb86578ddb042a126683675e3cca83614f22bf44721b7cfddaa067ed162e692650e48a474d50e3de4728a6bfe4083500580998152cd2b4918b8516

    Download Submit
  • memory/4252-133-0x0000000000400000-0x00000000009B5000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/4252-134-0x0000000000400000-0x00000000009B5000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/4252-135-0x0000000000400000-0x00000000009B5000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/4252-136-0x0000000000400000-0x00000000009B5000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/4252-137-0x0000000000400000-0x00000000009B5000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/4252-138-0x0000000000400000-0x00000000009B5000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/4252-139-0x0000000000400000-0x00000000009B5000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/4252-145-0x0000000000400000-0x00000000009B5000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/4252-146-0x0000000000400000-0x00000000009B5000-memory.dmp
    Filesize

    5.7MB

    Download