Overview

overview

7

Static

static

3

2b789fa109...ex.exe

windows7-x64

7

2b789fa109...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-07-2023 12:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2b789fa1093e0dexeexeexeex.exe

  • Size

    366KB

  • MD5

    2b789fa1093e0d8830c33360ed79e6ae

  • SHA1

    fc38d44fc3a83d5c49ff9057b0b6193c2cc42cd5

  • SHA256

    68c824f12995c52ea4d17236dc53b5982dee748804e799d3fdf80cae4d99f3e1

  • SHA512

    9309a2b587ae36164d9fde3f18641c976d21542ca1fcf73a1e11a70d1f2330860579c1e3ef90ad3576d7aff8d1abea6c02a0145aab5760700d005b2f05eddf62

  • SSDEEP

    6144:1plrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:1plrVbDdQaqdS/ofraFErH8uB2Wm0SXj

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2b789fa1093e0dexeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\2b789fa1093e0dexeexeexeex.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3876
    • C:\Program Files\dependant\shipped.exe
      "C:\Program Files\dependant\shipped.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\dependant\shipped.exe
    Filesize

    366KB

    MD5

    2efdbe4801b6f713d663438ba5399daf

    SHA1

    86658c65d4e1d60718b89d257cadd663835a06df

    SHA256

    224f0366e16b7f111da425c0871fa030439bc2ef6c21e2b8f51d2e0ff89ed10c

    SHA512

    d004a79910ec95122f456f76be103cfc993732a9819d9d4cc36279d6533bd2c6fadaeaf56724be8acfcf69a82c88d9d30103f7d43b5aaf69586663facb93232a

    Download Submit

  • C:\Program Files\dependant\shipped.exe
    Filesize

    366KB

    MD5

    2efdbe4801b6f713d663438ba5399daf

    SHA1

    86658c65d4e1d60718b89d257cadd663835a06df

    SHA256

    224f0366e16b7f111da425c0871fa030439bc2ef6c21e2b8f51d2e0ff89ed10c

    SHA512

    d004a79910ec95122f456f76be103cfc993732a9819d9d4cc36279d6533bd2c6fadaeaf56724be8acfcf69a82c88d9d30103f7d43b5aaf69586663facb93232a

    Download Submit