Overview

overview

7

Static

static

3

68d00beff5...ex.exe

windows7-x64

7

68d00beff5...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    28s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    08/07/2023, 09:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    68d00beff5534fexeexeexeex.exe

  • Size

    271KB

  • MD5

    68d00beff5534f2c7d7117b3d0af67f4

  • SHA1

    147dd2f91c80e1599cbf2aa0a0dfeaa7e9cb738e

  • SHA256

    c6bf94822591cbf7adb155fee61fbb6314601b35cb9998e9e1344d4b3cf3a26b

  • SHA512

    cfdb8771aba659bb97346aab75e4f7cfa9794927ae48a8ff9752adfe5d4e138b257ce483db5caed3a25dd9b2eee8f124eabb28412f5191cd489aff2e8d468300

  • SSDEEP

    3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\68d00beff5534fexeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\68d00beff5534fexeexeexeex.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3004
    • C:\Program Files\obtained\Employ.exe
      "C:\Program Files\obtained\Employ.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3068

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\obtained\Employ.exe
          Filesize

          271KB

          MD5

          ae4d76a5c386c1c6f9cf351694d042b0

          SHA1

          4bc2802393b516b0d5b844a1342e914829f6e671

          SHA256

          bc08310d166332691e896a0f15ad0ab8f4e98a15cd5daa373efdfe6d8d543dec

          SHA512

          6ca7e52b062d648ab106768c4ec53109f33876d094daea90741a46cd3624a71dedcc6faac6bba6e741c9845892764906c0419fb3dbaad5c782b5dbe5a731fe12

          Download Submit

        • C:\Program Files\obtained\Employ.exe
          Filesize

          271KB

          MD5

          ae4d76a5c386c1c6f9cf351694d042b0

          SHA1

          4bc2802393b516b0d5b844a1342e914829f6e671

          SHA256

          bc08310d166332691e896a0f15ad0ab8f4e98a15cd5daa373efdfe6d8d543dec

          SHA512

          6ca7e52b062d648ab106768c4ec53109f33876d094daea90741a46cd3624a71dedcc6faac6bba6e741c9845892764906c0419fb3dbaad5c782b5dbe5a731fe12

          Download Submit

        • \Program Files\obtained\Employ.exe
          Filesize

          271KB

          MD5

          ae4d76a5c386c1c6f9cf351694d042b0

          SHA1

          4bc2802393b516b0d5b844a1342e914829f6e671

          SHA256

          bc08310d166332691e896a0f15ad0ab8f4e98a15cd5daa373efdfe6d8d543dec

          SHA512

          6ca7e52b062d648ab106768c4ec53109f33876d094daea90741a46cd3624a71dedcc6faac6bba6e741c9845892764906c0419fb3dbaad5c782b5dbe5a731fe12

          Download Submit

        • \Program Files\obtained\Employ.exe
          Filesize

          271KB

          MD5

          ae4d76a5c386c1c6f9cf351694d042b0

          SHA1

          4bc2802393b516b0d5b844a1342e914829f6e671

          SHA256

          bc08310d166332691e896a0f15ad0ab8f4e98a15cd5daa373efdfe6d8d543dec

          SHA512

          6ca7e52b062d648ab106768c4ec53109f33876d094daea90741a46cd3624a71dedcc6faac6bba6e741c9845892764906c0419fb3dbaad5c782b5dbe5a731fe12

          Download Submit