Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/07/2023, 17:43

General

  • Target

    d5bd8f4027593bexeexeexeex.exe

  • Size

    407KB

  • MD5

    d5bd8f4027593bf9bd25ee5a47bb4e07

  • SHA1

    61bbae3b473386e221f2ff6733fd84e96f2cd269

  • SHA256

    64a7d72e56f7e547a569c8aa5148cd393de4af568ac039fedd1389ba859dae10

  • SHA512

    8c6eafd3f811165ff372dc36fea5ec4ccfc047a2db02897566a10d77a14370c4e2f67e34ae16be8b7a7574eec7b131c9a74d8312b662c8b72dbca6c36423775a

  • SSDEEP

    12288:LplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:9xRQ+Fucuvm0as

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5bd8f4027593bexeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\d5bd8f4027593bexeexeexeex.exe"
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1592
    • C:\Program Files\structures\callback.exe
      "C:\Program Files\structures\callback.exe" "33201"
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3564
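
The process tree above shows the submitted sample, running out of the user's Temp directory, writing callback.exe into Program Files and launching it with a single numeric argument ("33201"). The following Python is an added example, not part of the sandbox report or of the sample: it takes the file hashes and paths recorded above as indicators and runs two checks over constructed Sysmon-style process-creation records (the event dicts and their field names are this example's own, not a real Sysmon schema). The first check is an exact-path match on the dropped file; the second generalises the observed chain (parent under %LOCALAPPDATA%\Temp spawning a child under Program Files with one numeric argument) so it would also fire on a renamed copy. The SHA256 helpers let an analyst compare an on-disk file against the report's hashes offline.

```python
import hashlib
import re

# Indicators copied from the report above.
DROPPED_IMAGE = r"C:\Program Files\structures\callback.exe"
KNOWN_SHA256 = {
    "64a7d72e56f7e547a569c8aa5148cd393de4af568ac039fedd1389ba859dae10":
        "submitted sample (d5bd8f4027593bexeexeexeex.exe)",
    "80537bd426f5d9e4e20042912a2cf91642963e9edef518ff92de57ecf7fc9ffb":
        "dropped C:\\Program Files\\structures\\callback.exe",
}

# Generalised shape of the observed chain (assumption: the numeric argument and the
# Temp -> Program Files hop are the stable parts, not the file names).
TEMP_PARENT_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE)
PROGRAM_FILES_RE = re.compile(r"^[a-z]:\\program files( \(x86\))?\\", re.IGNORECASE)
NUMERIC_ARG_RE = re.compile(r'^"[^"]+"\s+"?(\d+)"?\s*$')

# Constructed process-creation records for the demo. The first two mirror the
# report's tree (PIDs 1592 and 3564); the others are benign noise. Not real telemetry.
SAMPLE_EVENTS = [
    {"pid": 1592, "ppid": 900,
     "image": r"C:\Users\Admin\AppData\Local\Temp\d5bd8f4027593bexeexeexeex.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\d5bd8f4027593bexeexeexeex.exe"'},
    {"pid": 3564, "ppid": 1592,
     "image": r"C:\Program Files\structures\callback.exe",
     "cmdline": r'"C:\Program Files\structures\callback.exe" "33201"'},
    {"pid": 4100, "ppid": 900,
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
    {"pid": 4200, "ppid": 900,
     "image": r"C:\Program Files\Vendor\updater.exe",
     "cmdline": r'"C:\Program Files\Vendor\updater.exe" --check'},
]


def find_drop_and_execute(events):
    """Return (parent_image, child_image, numeric_arg) for every child that runs
    from Program Files with a lone numeric argument and whose parent runs from a
    user's AppData\\Local\\Temp, i.e. the shape of the chain in the report."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for child in events:
        parent = by_pid.get(child["ppid"])
        if parent is None or not PROGRAM_FILES_RE.match(child["image"]):
            continue
        if not TEMP_PARENT_RE.match(parent["image"]):
            continue
        m = NUMERIC_ARG_RE.match(child["cmdline"])
        if m is None:
            continue
        hits.append((parent["image"], child["image"], m.group(1)))
    return hits


def exact_ioc_hits(events):
    """PIDs whose image is exactly the dropped path recorded in the report."""
    return [e["pid"] for e in events if e["image"].lower() == DROPPED_IMAGE.lower()]


def classify_sha256(hexdigest):
    """Map a SHA256 hex digest to the report's label for it, or None."""
    return KNOWN_SHA256.get(hexdigest.lower())


def classify_bytes(data):
    return classify_sha256(hashlib.sha256(data).hexdigest())


def classify_file(path):
    """Hash a file on disk in chunks and look it up against the report's hashes."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return classify_sha256(h.hexdigest())


if __name__ == "__main__":
    for parent, child, arg in find_drop_and_execute(SAMPLE_EVENTS):
        print(f"suspicious chain: {parent} -> {child} (arg {arg})")
    print("exact path hits:", exact_ioc_hits(SAMPLE_EVENTS))
    print("constructed bytes match report hashes:", classify_bytes(b"not the sample"))
```

On a live host the same indicators can be checked with classify_file(r"C:\Program Files\structures\callback.exe"); a mismatch on SHA256 only means the copy is not the one this report analysed, not that the file is clean, so the behavioural chain check is the more durable of the two.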

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Program Files\structures\callback.exe

    Filesize

    407KB

    MD5

    cbcf8429fc390303760741daad10e162

    SHA1

    8d72cf4095be44e912213e341ed005540dd22f32

    SHA256

    80537bd426f5d9e4e20042912a2cf91642963e9edef518ff92de57ecf7fc9ffb

    SHA512

    fbcaec3a70c91efdc1fe9cb38f958f4c8b041f9a68cf85ba5113f7c5c8bf6305a657c84312aebd1568a8cd381b5f7d2ce3f4b732d7502baa483f1ccfdd551a70