Analysis
Max time kernel: 142s
Max time network: 147s
Platform: windows10-2004_x64
Resource: win10v2004-20230703-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 11/07/2023, 07:49
Static task: static1
Behavioral task: behavioral1
  Sample: eb5831dafed260exeexeexeex.exe
  Resource: win7-20230703-en
Behavioral task: behavioral2
  Sample: eb5831dafed260exeexeexeex.exe
  Resource: win10v2004-20230703-en
General
Target: eb5831dafed260exeexeexeex.exe
Size: 406KB
MD5: eb5831dafed260312311c5a6cf194f86
SHA1: 4bb1d8e8ffaec4887168e34179b8949a33451f17
SHA256: deed7c2e10740dd30d2d37a770d408ec41945a73fd140bb9ae424ec1975b5b81
SHA512: cbcf0edb088c349175b67417416dba1369e724ad4e872999cf3ccbcbe49417ae563f9c5ed54baaaf87260904dda4ce755e014cb8f9f519489e2e4cd9592b8bf0
SSDEEP: 12288:pplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:rxRQ+Fucuvm0as
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  3032  Dinstall.exe
- Drops file in System32 directory (1 IoC)
  description   ioc                                                                                                                            Process
  File created  C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{278BB7A1-8EFD-4630-9885-1791DA52C122}.catalogItem  svchost.exe
- Drops file in Program Files directory (1 IoC)
  description   ioc                                         Process
  File created  C:\Program Files\demonstrates\Dinstall.exe  eb5831dafed260exeexeexeex.exe
- Suspicious use of SetWindowsHookEx (8 IoCs)
  pid   Process
  2948  eb5831dafed260exeexeexeex.exe
  2948  eb5831dafed260exeexeexeex.exe
  2948  eb5831dafed260exeexeexeex.exe
  2948  eb5831dafed260exeexeexeex.exe
  3032  Dinstall.exe
  3032  Dinstall.exe
  3032  Dinstall.exe
  3032  Dinstall.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process                         procid_target
  PID 2948 wrote to memory of 3032  2948  eb5831dafed260exeexeexeex.exe   81
  PID 2948 wrote to memory of 3032  2948  eb5831dafed260exeexeexeex.exe   81
  PID 2948 wrote to memory of 3032  2948  eb5831dafed260exeexeexeex.exe   81
Processes
- C:\Users\Admin\AppData\Local\Temp\eb5831dafed260exeexeexeex.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\eb5831dafed260exeexeexeex.exe"
  PID: 2948
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  Child process:
  - C:\Program Files\demonstrates\Dinstall.exe
    Command line: "C:\Program Files\demonstrates\Dinstall.exe" "33201"
    PID: 3032
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
- C:\Windows\System32\svchost.exe
  Command line: C:\Windows\System32\svchost.exe -k netsvcs -p
  PID: 4640
  - Drops file in System32 directory
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 407KB
  MD5: d69ac42f5cb98a5c781d6f1bea2cb96c
  SHA1: 4056aad3a8b6a4ae7b83adb3ac7be734d32a67ca
  SHA256: a13b4b50c8db4984a464e09429437f9597281d166eabb71bbfdfe8d0ee16841c
  SHA512: 95fe1391ebe109a2ada4c1e7659d3e3f50074cb13c98c041d0ade3a85ba6fe904b134d9ffa3d69b19165dd56c382c656d1ae73f6757d5b12b76ae528207c4a14