Overview

overview

3

Static

static

3

tmp.exe

windows7-x64

1

tmp.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    98s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    15-06-2023 11:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    2.6MB

  • MD5

    f2eb3be27dacf7222e7aab3db3f87df9

  • SHA1

    a3fef8f82a55811883557aafdde8e7aa5ec3ba84

  • SHA256

    bf5f5cc06631e0e3f7544664f89f87d0a7b571262a20039d959245c5ac068cfa

  • SHA512

    bc32fe99b682c7c8e4c8faf595eafa7d6eb5480ccae775c99ae2b5f7d3081376fd5f659e8f81f5352c030e06e72ff125ed440b3159601fee1bfa828bc0a025f3

  • SSDEEP

    49152:dvxCFpv1J+6OJw9MKlG4ytMghKJtnT4Nl:a/+6OJw9MKlG4yVStw

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Documents\yaohuo\config.ini
    Filesize

    795B

    MD5

    0ac2c9b7a97368f8b5210f5d1d5d1e18

    SHA1

    09353bfc2603e7a6ec76244a88befb1f2119b8d1

    SHA256

    0828c93e6d6e81405d8f5deccb532f49354dc509df691dd70a355844f38b1c27

    SHA512

    75e5b06c39232cb491b9ebd93d526b2a32c067cea8d5eaec1fd4a131a6968e1b90b816abf5fab5d9916b670d9fd6bff4afaa9916ef375537ed737c65b67bd3d7

    Download Submit

  • C:\Users\Admin\Documents\yaohuo\zy\LY300164
    Filesize

    583B

    MD5

    ab60b386b7385bbc261099858c0a1c21

    SHA1

    c8e9b8def3ada603b707d14c4ce9e96013548e3f

    SHA256

    203209c694b59d0621704dd37b33e867937e167dcb1138e32b992a4ef0ea4a39

    SHA512

    eaac341be1e58c347d9ff7aaf90ad0726ddd53570cde13a50f22de1cfe1c9bc3d3dd00fc42bdfb80bc822ad3828f93ce6ec096c3437968a7ad63a9fe950e53f4

    Download Submit

  • memory/1324-56-0x00000000002E0000-0x00000000002E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1324-85-0x00000000002D0000-0x00000000002D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1324-86-0x00000000003C0000-0x00000000003C8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1324-88-0x00000000002F0000-0x00000000002F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1324-87-0x0000000000390000-0x0000000000391000-memory.dmp

    Filesize

    4KB

    Download