Overview

overview

7

Static

static

3

059a819acf...ex.exe

windows7-x64

7

059a819acf...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    31s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    05/07/2023, 15:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    059a819acfaf5dexeexeexeex.exe

  • Size

    409KB

  • MD5

    059a819acfaf5dd053f9fdc365c4b23b

  • SHA1

    d1fdaaddaedf57406d11f8c64ebeb1bccafe4c5f

  • SHA256

    2b3efd1f96476712e8f1abea789b3f5855b65c5ba10beb8dc0484bf85dde5d9f

  • SHA512

    7aea486c500e02f94186b8252d2686c955301eff56cc3a8169e781e24e33ec0d3e78cf7c3cfe097419a3d7d75c6f064d0edf3b3053365652d885f4f6439b86a3

  • SSDEEP

    12288:lplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:XxRQ+Fucuvm0as

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\059a819acfaf5dexeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\059a819acfaf5dexeexeexeex.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Program Files\following\Redist.exe
      "C:\Program Files\following\Redist.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1100

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\following\Redist.exe
          Filesize

          409KB

          MD5

          64c33b05290a6b252722daac781f13ba

          SHA1

          3de62e0c13e00e14fed9033278ac774933823bf1

          SHA256

          2c26e2afa4ad6edcbe33768fe4f3a464f1ec262dabbedd29b0ee467b411f1a4c

          SHA512

          70c9686456a322fa43a8696cf39ca141bc8eb04bb32528bccf021babb18d90c2fb37b0139708c2b7938992f9bc40da33b36d7e30d06da150695e15f1747fa6ba

          Download Submit

        • C:\Program Files\following\Redist.exe
          Filesize

          409KB

          MD5

          64c33b05290a6b252722daac781f13ba

          SHA1

          3de62e0c13e00e14fed9033278ac774933823bf1

          SHA256

          2c26e2afa4ad6edcbe33768fe4f3a464f1ec262dabbedd29b0ee467b411f1a4c

          SHA512

          70c9686456a322fa43a8696cf39ca141bc8eb04bb32528bccf021babb18d90c2fb37b0139708c2b7938992f9bc40da33b36d7e30d06da150695e15f1747fa6ba

          Download Submit

        • \Program Files\following\Redist.exe
          Filesize

          409KB

          MD5

          64c33b05290a6b252722daac781f13ba

          SHA1

          3de62e0c13e00e14fed9033278ac774933823bf1

          SHA256

          2c26e2afa4ad6edcbe33768fe4f3a464f1ec262dabbedd29b0ee467b411f1a4c

          SHA512

          70c9686456a322fa43a8696cf39ca141bc8eb04bb32528bccf021babb18d90c2fb37b0139708c2b7938992f9bc40da33b36d7e30d06da150695e15f1747fa6ba

          Download Submit

        • \Program Files\following\Redist.exe
          Filesize

          409KB

          MD5

          64c33b05290a6b252722daac781f13ba

          SHA1

          3de62e0c13e00e14fed9033278ac774933823bf1

          SHA256

          2c26e2afa4ad6edcbe33768fe4f3a464f1ec262dabbedd29b0ee467b411f1a4c

          SHA512

          70c9686456a322fa43a8696cf39ca141bc8eb04bb32528bccf021babb18d90c2fb37b0139708c2b7938992f9bc40da33b36d7e30d06da150695e15f1747fa6ba

          Download Submit