Overview

overview

7

Static

static

3

aab9836d11...ex.exe

windows7-x64

7

aab9836d11...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-07-2023 09:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aab9836d111f90exeexeexeex.exe

  • Size

    408KB

  • MD5

    aab9836d111f90d23d0dda90057f5d93

  • SHA1

    2fd50ecf135e60c82805870f14e96234efe284ce

  • SHA256

    aaa8e109b4a2f6d1fb98d1bc46a76758e1bab92670728fc31bb54a92cca2a6c3

  • SHA512

    959fb494ae84c72365126fbdf849c77259e0db85aac92ce4be064aef9b1d54ffb8230b77b1a49f0e3a796a13f388b5d226f575c3a81418d075ed4a0f6ab9cbe4

  • SSDEEP

    12288:fplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:xxRQ+Fucuvm0as

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aab9836d111f90exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\aab9836d111f90exeexeexeex.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3712
    • C:\Program Files\alternatives\accordingly.exe
      "C:\Program Files\alternatives\accordingly.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\alternatives\accordingly.exe
    Filesize

    409KB

    MD5

    6743fc5212bf0e47766709ef3b7c4333

    SHA1

    41b8ff9836f1d601c533bbb65e9dd5cd33f974b8

    SHA256

    6e09d180027b3baab6c67df238e606ea4856a4f07d3f8a66f8e5f014cb9813b4

    SHA512

    4c7a3aeab6d5ea07b9815ae66a75f2d2125db63d778cc257cba98b8dd0326c248a6404086a87218f9a5780a7b68729af8735a8b0ab4887f823fb2c0377e55a6d

    Download Submit

  • C:\Program Files\alternatives\accordingly.exe
    Filesize

    409KB

    MD5

    6743fc5212bf0e47766709ef3b7c4333

    SHA1

    41b8ff9836f1d601c533bbb65e9dd5cd33f974b8

    SHA256

    6e09d180027b3baab6c67df238e606ea4856a4f07d3f8a66f8e5f014cb9813b4

    SHA512

    4c7a3aeab6d5ea07b9815ae66a75f2d2125db63d778cc257cba98b8dd0326c248a6404086a87218f9a5780a7b68729af8735a8b0ab4887f823fb2c0377e55a6d

    Download Submit