Overview

overview

7

Static

static

3

3041178056...ex.exe

windows7-x64

7

3041178056...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    27s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    06/07/2023, 14:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    30411780561f06exeexeexeex.exe

  • Size

    374KB

  • MD5

    30411780561f065ae121ec50ceb2ef0e

  • SHA1

    2e2dbbcfb5c8d3abded3ebe0915df6093c109a26

  • SHA256

    9319087f3b0c36561a94304f086c6ecab58c65102140e1ad1b725f4c6ddfcb4b

  • SHA512

    1a3c427450225e8c493d4d276e7cc6a6aadc9584618f21c70dfe82624ef91a68fd8dc70fb5acd445915b9696454cb9d32a33f71d486b3e8d12a972e11ca861cd

  • SSDEEP

    6144:ZplrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:ZplrVbDdQaqdS/ofraFErH8uB2Wm0SXj

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\30411780561f06exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\30411780561f06exeexeexeex.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2316
    • C:\Program Files\Internals\privileges.exe
      "C:\Program Files\Internals\privileges.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2268

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\Internals\privileges.exe
          Filesize

          374KB

          MD5

          27bf786c542dfef2117017fb946092a5

          SHA1

          18502f235e8d90853a6329f8242c8734d8c883ce

          SHA256

          bbe2ef994b1809f8647f6b25638f9678f8a494ca231c8a3bfedc7df8601eaadd

          SHA512

          f9e27a63645a4964119b7431d99e72172d0c5c35da7a414f89fea8f0ee8507ac59e2c71f692a8dce901b6591063876dc2de977daea008daf490fda22d6b65f37

          Download Submit

        • C:\Program Files\Internals\privileges.exe
          Filesize

          374KB

          MD5

          27bf786c542dfef2117017fb946092a5

          SHA1

          18502f235e8d90853a6329f8242c8734d8c883ce

          SHA256

          bbe2ef994b1809f8647f6b25638f9678f8a494ca231c8a3bfedc7df8601eaadd

          SHA512

          f9e27a63645a4964119b7431d99e72172d0c5c35da7a414f89fea8f0ee8507ac59e2c71f692a8dce901b6591063876dc2de977daea008daf490fda22d6b65f37

          Download Submit

        • \Program Files\Internals\privileges.exe
          Filesize

          374KB

          MD5

          27bf786c542dfef2117017fb946092a5

          SHA1

          18502f235e8d90853a6329f8242c8734d8c883ce

          SHA256

          bbe2ef994b1809f8647f6b25638f9678f8a494ca231c8a3bfedc7df8601eaadd

          SHA512

          f9e27a63645a4964119b7431d99e72172d0c5c35da7a414f89fea8f0ee8507ac59e2c71f692a8dce901b6591063876dc2de977daea008daf490fda22d6b65f37

          Download Submit

        • \Program Files\Internals\privileges.exe
          Filesize

          374KB

          MD5

          27bf786c542dfef2117017fb946092a5

          SHA1

          18502f235e8d90853a6329f8242c8734d8c883ce

          SHA256

          bbe2ef994b1809f8647f6b25638f9678f8a494ca231c8a3bfedc7df8601eaadd

          SHA512

          f9e27a63645a4964119b7431d99e72172d0c5c35da7a414f89fea8f0ee8507ac59e2c71f692a8dce901b6591063876dc2de977daea008daf490fda22d6b65f37

          Download Submit