Overview

overview

3

Static

static

3

Talex_ChangeIP.exe

windows7-x64

1

Talex_ChangeIP.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/07/2023, 08:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Talex_ChangeIP.exe

  • Size

    56KB

  • MD5

    bf4dc5399588e1dc1c22f54a7e857fe6

  • SHA1

    5d879189a7f37112f68c7556f8c72eefbc963424

  • SHA256

    701ede23ec6accff031961bf12b8c35cc03e66d1a4bfca1a7217b2fc3072eeeb

  • SHA512

    53eb7a03ddbe0ac41ecd0d50c1324e82fea1291eb86f341e93a0c258390f7061bcf2d355cc0b076136b299e333da5f76e91b114ca0a9bfef2f769663486964d8

  • SSDEEP

    768:H2ZVRNWXYT6AbyIrJmyCxIlRI3NnarnKlT7eN:H2ZVRNxkItCxIlR4NnarnKBc

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Talex_ChangeIP.exe
    "C:\Users\Admin\AppData\Local\Temp\Talex_ChangeIP.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3604
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\changeip.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4252
      • C:\Windows\SysWOW64\netsh.exe
        netsh interface ipv4 show config
        3⤵
          PID:4736

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\changeip.bat
      Filesize

      62B

      MD5

      43ed3b96d01cac82b783d104e64ed294

      SHA1

      a212e5bb4d3e0d5b4333fe8d20b7d165239f49ba

      SHA256

      835ee9059ee62e875425e1204ba95743e113b6f6e3dd70a4b739d3a97c4fdc65

      SHA512

      6e2384f999b7f43e227c3d042407e844858c414e52189cb1fc656fd9d3f0a172b34bfadd28450679f5560b2362c173e06800c015a1413197c27f76aa1ba52921

      Download Submit

    • C:\changeip.dat
      Filesize

      952B

      MD5

      8ea9b2e80e9b5354565f3ffe21469ac0

      SHA1

      634c635b5e32958cee0ea0b1a03325745edadc65

      SHA256

      a67798e18e218f9946be74e62ab63d25110eca2c9b5c2d2b10dbd092dda9c278

      SHA512

      793c4c32d7cf34ff4c96c063ccf1334ea0a684c5ab6ee0a289fca7fd22c15ce7b92df8739a00211a268e2c477b8f120a757b83832096814f1b4d3aa3a55bf3f4

      Download Submit