Overview

overview

7

Static

static

3

3cdfc4d29d...ex.exe

windows7-x64

7

3cdfc4d29d...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/07/2023, 13:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3cdfc4d29df814exeexeexeex.exe

  • Size

    408KB

  • MD5

    3cdfc4d29df814f2f11e645dbca80634

  • SHA1

    9461ff89e0501b4a2bf7947a82ebd010115defd9

  • SHA256

    a6a2d057beac2ca16ed23f9eb070666f1f1f1623fba20724cfed5a5c2e31890e

  • SHA512

    8fdf0012af391a50cb63a22434cd6b4afc9fea43b14be9b0c6edcbef86f8be9fac54c6d0bcfe088a6a737606dba2e9b1a29f00cd525f720ae507ccd99adc72c6

  • SSDEEP

    12288:MplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:YxRQ+Fucuvm0as

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3cdfc4d29df814exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\3cdfc4d29df814exeexeexeex.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5000
    • C:\Program Files\Schirmer\Addison.exe
      "C:\Program Files\Schirmer\Addison.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Schirmer\Addison.exe
    Filesize

    408KB

    MD5

    60c24454073a59b40477bdd21906d0c6

    SHA1

    c25e71a85aa7e0907d34a59077d323939a198da7

    SHA256

    b9d4f67b98e1cc9f73ddc58e8303f41edce6fe6819e8fe48b2c84035056be357

    SHA512

    4e7edb414d67544142cd398a4532dfbcc39c80f26562e288480100d327543117ddd9b7c03e4aed68c198d32231c4436108bbfda0b2d20ee0c868658120a94bec

    Download Submit

  • C:\Program Files\Schirmer\Addison.exe
    Filesize

    408KB

    MD5

    60c24454073a59b40477bdd21906d0c6

    SHA1

    c25e71a85aa7e0907d34a59077d323939a198da7

    SHA256

    b9d4f67b98e1cc9f73ddc58e8303f41edce6fe6819e8fe48b2c84035056be357

    SHA512

    4e7edb414d67544142cd398a4532dfbcc39c80f26562e288480100d327543117ddd9b7c03e4aed68c198d32231c4436108bbfda0b2d20ee0c868658120a94bec

    Download Submit