Overview

overview

7

Static

static

3

9125a3d829...ex.exe

windows7-x64

7

9125a3d829...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-07-2023 17:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9125a3d8295756exeexeexeex.exe

  • Size

    407KB

  • MD5

    9125a3d82957561d1bb0a4b939be43b7

  • SHA1

    695c05f633c638864435f453f06b57c2bcd98d22

  • SHA256

    64d5a4fb9ccd9dbe359e4a15b02e05bbabf502bdbfb283a4e846f9c0ffcbc554

  • SHA512

    4cac728d2cb3dcf25d19d6ba7849b9bf7a09f76ae36cfe649f313590ce822166b5d0a1056f70538c5fc83888d520d6c67f0f00b5c8a4dd6d055deabcd0d8b2db

  • SSDEEP

    12288:4plrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:kxRQ+Fucuvm0as

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9125a3d8295756exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\9125a3d8295756exeexeexeex.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Program Files\folder\convention.exe
      "C:\Program Files\folder\convention.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\folder\convention.exe
    Filesize

    408KB

    MD5

    67acef05c3ab3d4a455190f647eb5cff

    SHA1

    c453365326bdb1ab47fd6ed4dbc80efdd954f4ac

    SHA256

    7266f66a1db84d15615ad953a7ae436c48aa468b6680ffce97833011945ce1e1

    SHA512

    20fc3ad0c458b64083aa89b6ab3a393c87d19c408a58779462b4ec3a518da01d0abb4a0b90860abb12d7ce97bb50dd1122d0554cbe990a320d061ea09f50786b

    Download Submit

  • C:\Program Files\folder\convention.exe
    Filesize

    408KB

    MD5

    67acef05c3ab3d4a455190f647eb5cff

    SHA1

    c453365326bdb1ab47fd6ed4dbc80efdd954f4ac

    SHA256

    7266f66a1db84d15615ad953a7ae436c48aa468b6680ffce97833011945ce1e1

    SHA512

    20fc3ad0c458b64083aa89b6ab3a393c87d19c408a58779462b4ec3a518da01d0abb4a0b90860abb12d7ce97bb50dd1122d0554cbe990a320d061ea09f50786b

    Download Submit