Analysis

  • max time kernel
    142s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/07/2023, 12:49

General

  • Target

    e44583e1c8b5d5exe_JC.exe

  • Size

    267KB

  • MD5

    e44583e1c8b5d5738d96505a656dfd2a

  • SHA1

    a2a01b6fb9dee8f65a8227149820848af2db79cb

  • SHA256

    2d531cdf3bd8b8aab7e2642a61320b9bd5dd65df5c6c6f83e3a54eddab9594ca

  • SHA512

    a47c45a39a3c7397bf0113e979a55c8264ccec91e60107b59317959d2d3afd0f6ea4f0f4104bcfeca19d0930219330ace8533b4a75a6a8a17b1462e6cdf2b5d7

  • SSDEEP

    3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e44583e1c8b5d5exe_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\e44583e1c8b5d5exe_JC.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4880
    • C:\Program Files\silent\Performs.exe
      "C:\Program Files\silent\Performs.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:224

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Program Files\silent\Performs.exe

    Filesize

    267KB

    MD5

    80f8795a00a3fb4ff7104c5881e3b722

    SHA1

    d287ec7346c53eebeabe400b4e57fdbe3e7d90c7

    SHA256

    0e16b9b4b0a39fe5aa52c5b4e7ea90904b3a5d8f5b641dfba4b1d762e38acc6e

    SHA512

    f58ce574832db58ff28d89b21edc7f11f7da58ab7c1b3fb6092ec56d532b3a019842e15ed86a20bd91f7aff2ea89d2792d2b049109a7007bd05da56d8d9a704d
