deed7c2e10740dd30d2d37a770d408ec41945a73fd140bb9ae424ec1975b5b81

Analysis

max time kernel
27s
max time network
31s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
11/07/2023, 07:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb5831dafed260exeexeexeex.exe
Size

406KB
MD5

eb5831dafed260312311c5a6cf194f86
SHA1

4bb1d8e8ffaec4887168e34179b8949a33451f17
SHA256

deed7c2e10740dd30d2d37a770d408ec41945a73fd140bb9ae424ec1975b5b81
SHA512

cbcf0edb088c349175b67417416dba1369e724ad4e872999cf3ccbcbe49417ae563f9c5ed54baaaf87260904dda4ce755e014cb8f9f519489e2e4cd9592b8bf0
SSDEEP

12288:pplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:rxRQ+Fucuvm0as

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2328	demonstrates.exe

Loads dropped DLL 2 IoCs

pid	Process
2060	eb5831dafed260exeexeexeex.exe
2060	eb5831dafed260exeexeexeex.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\customizing\demonstrates.exe	eb5831dafed260exeexeexeex.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2060	eb5831dafed260exeexeexeex.exe
2060	eb5831dafed260exeexeexeex.exe
2060	eb5831dafed260exeexeexeex.exe
2060	eb5831dafed260exeexeexeex.exe
2328	demonstrates.exe
2328	demonstrates.exe
2328	demonstrates.exe
2328	demonstrates.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2328	2060	eb5831dafed260exeexeexeex.exe	29
PID 2060 wrote to memory of 2328	2060	eb5831dafed260exeexeexeex.exe	29
PID 2060 wrote to memory of 2328	2060	eb5831dafed260exeexeexeex.exe	29
PID 2060 wrote to memory of 2328	2060	eb5831dafed260exeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\eb5831dafed260exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\eb5831dafed260exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Program Files\customizing\demonstrates.exe
  "C:\Program Files\customizing\demonstrates.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\customizing\demonstrates.exe

Filesize
407KB

MD5
d1493c95019e8f00d3ccddae9a910675

SHA1
fa86ccf6799469222c1c3c5bf377f059ad484581

SHA256
b7e52a94fa9207eb5fdce6854d27fcf9b5fe3cef4db72c30bda934a0fe18ad55

SHA512
75189474d32026684c25dac25266254ba699090155e771aa9e514505fdd0f3d9473aca0e1d3b9e357697c39a8c99c40f141e7626a752f732ee4c3587f3c571d8

Download Submit
C:\Program Files\customizing\demonstrates.exe

Filesize
407KB

MD5
d1493c95019e8f00d3ccddae9a910675

SHA1
fa86ccf6799469222c1c3c5bf377f059ad484581

SHA256
b7e52a94fa9207eb5fdce6854d27fcf9b5fe3cef4db72c30bda934a0fe18ad55

SHA512
75189474d32026684c25dac25266254ba699090155e771aa9e514505fdd0f3d9473aca0e1d3b9e357697c39a8c99c40f141e7626a752f732ee4c3587f3c571d8

Download Submit
\Program Files\customizing\demonstrates.exe

Filesize
407KB

MD5
d1493c95019e8f00d3ccddae9a910675

SHA1
fa86ccf6799469222c1c3c5bf377f059ad484581

SHA256
b7e52a94fa9207eb5fdce6854d27fcf9b5fe3cef4db72c30bda934a0fe18ad55

SHA512
75189474d32026684c25dac25266254ba699090155e771aa9e514505fdd0f3d9473aca0e1d3b9e357697c39a8c99c40f141e7626a752f732ee4c3587f3c571d8

Download Submit
\Program Files\customizing\demonstrates.exe

Filesize
407KB

MD5
d1493c95019e8f00d3ccddae9a910675

SHA1
fa86ccf6799469222c1c3c5bf377f059ad484581

SHA256
b7e52a94fa9207eb5fdce6854d27fcf9b5fe3cef4db72c30bda934a0fe18ad55

SHA512
75189474d32026684c25dac25266254ba699090155e771aa9e514505fdd0f3d9473aca0e1d3b9e357697c39a8c99c40f141e7626a752f732ee4c3587f3c571d8

Download Submit