cbad6295907cfdfbdef8576364d259c03397bac6bbffbc0632023e5435584bc0

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
23/07/2023, 19:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NA_NA_30ad4b47be708cexeexe_JC.exe
Size

404KB
MD5

30ad4b47be708c86d6c1eed43505df2a
SHA1

f8c9a4b6fc02e3ab53dc4592b0bad563777c312c
SHA256

cbad6295907cfdfbdef8576364d259c03397bac6bbffbc0632023e5435584bc0
SHA512

b3640afd8fb6353e2adc0fc1be9fc89d0908e7d8423c379413a4b783815f5d83f06c82491a540b3579f20f755ec4f27ebfb04408f604f42b7ade4668fd485ae6
SSDEEP

12288:iplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:uxRQ+Fucuvm0as

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2656	Dsetup2.exe

Loads dropped DLL 4 IoCs

pid	Process
2268	NA_NA_30ad4b47be708cexeexe_JC.exe
2656	Dsetup2.exe
2656	Dsetup2.exe
2656	Dsetup2.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Dsetup1\Dsetup2.exe	NA_NA_30ad4b47be708cexeexe_JC.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2268	NA_NA_30ad4b47be708cexeexe_JC.exe
2268	NA_NA_30ad4b47be708cexeexe_JC.exe
2268	NA_NA_30ad4b47be708cexeexe_JC.exe
2268	NA_NA_30ad4b47be708cexeexe_JC.exe
2656	Dsetup2.exe
2656	Dsetup2.exe
2656	Dsetup2.exe
2656	Dsetup2.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2656	2268	NA_NA_30ad4b47be708cexeexe_JC.exe	28
PID 2268 wrote to memory of 2656	2268	NA_NA_30ad4b47be708cexeexe_JC.exe	28
PID 2268 wrote to memory of 2656	2268	NA_NA_30ad4b47be708cexeexe_JC.exe	28
PID 2268 wrote to memory of 2656	2268	NA_NA_30ad4b47be708cexeexe_JC.exe	28
PID 2268 wrote to memory of 2656	2268	NA_NA_30ad4b47be708cexeexe_JC.exe	28
PID 2268 wrote to memory of 2656	2268	NA_NA_30ad4b47be708cexeexe_JC.exe	28
PID 2268 wrote to memory of 2656	2268	NA_NA_30ad4b47be708cexeexe_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\NA_NA_30ad4b47be708cexeexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NA_NA_30ad4b47be708cexeexe_JC.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Program Files\Dsetup1\Dsetup2.exe
  "C:\Program Files\Dsetup1\Dsetup2.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Dsetup1\Dsetup2.exe

Filesize
404KB

MD5
dda04281338fe976c6d15b42c7f8ac76

SHA1
7a1a2cf26429c3c9afb9d1c7850aabe2bfb1d3bb

SHA256
967662fcb74ca1a53320ede5db178f9b1c03bd516f228a4a6c3aa841c7a7eba0

SHA512
ff5d2c93d2af632eb449d6dac8aeb9049a1a5eea368f04790bec761093aeb3c3ce302832ee8390be758f17fb3494bdad2a29c34452c61c949e56c4396817ef82

Download Submit
C:\Program Files\Dsetup1\Dsetup2.exe

Filesize
404KB

MD5
dda04281338fe976c6d15b42c7f8ac76

SHA1
7a1a2cf26429c3c9afb9d1c7850aabe2bfb1d3bb

SHA256
967662fcb74ca1a53320ede5db178f9b1c03bd516f228a4a6c3aa841c7a7eba0

SHA512
ff5d2c93d2af632eb449d6dac8aeb9049a1a5eea368f04790bec761093aeb3c3ce302832ee8390be758f17fb3494bdad2a29c34452c61c949e56c4396817ef82

Download Submit
\Program Files\Dsetup1\Dsetup2.exe

Filesize
404KB

MD5
dda04281338fe976c6d15b42c7f8ac76

SHA1
7a1a2cf26429c3c9afb9d1c7850aabe2bfb1d3bb

SHA256
967662fcb74ca1a53320ede5db178f9b1c03bd516f228a4a6c3aa841c7a7eba0

SHA512
ff5d2c93d2af632eb449d6dac8aeb9049a1a5eea368f04790bec761093aeb3c3ce302832ee8390be758f17fb3494bdad2a29c34452c61c949e56c4396817ef82

Download Submit
\Program Files\Dsetup1\Dsetup2.exe

Filesize
404KB

MD5
dda04281338fe976c6d15b42c7f8ac76

SHA1
7a1a2cf26429c3c9afb9d1c7850aabe2bfb1d3bb

SHA256
967662fcb74ca1a53320ede5db178f9b1c03bd516f228a4a6c3aa841c7a7eba0

SHA512
ff5d2c93d2af632eb449d6dac8aeb9049a1a5eea368f04790bec761093aeb3c3ce302832ee8390be758f17fb3494bdad2a29c34452c61c949e56c4396817ef82

Download Submit
\Program Files\Dsetup1\Dsetup2.exe

Filesize
404KB

MD5
dda04281338fe976c6d15b42c7f8ac76

SHA1
7a1a2cf26429c3c9afb9d1c7850aabe2bfb1d3bb

SHA256
967662fcb74ca1a53320ede5db178f9b1c03bd516f228a4a6c3aa841c7a7eba0

SHA512
ff5d2c93d2af632eb449d6dac8aeb9049a1a5eea368f04790bec761093aeb3c3ce302832ee8390be758f17fb3494bdad2a29c34452c61c949e56c4396817ef82

Download Submit
\Program Files\Dsetup1\Dsetup2.exe

Filesize
404KB

MD5
dda04281338fe976c6d15b42c7f8ac76

SHA1
7a1a2cf26429c3c9afb9d1c7850aabe2bfb1d3bb

SHA256
967662fcb74ca1a53320ede5db178f9b1c03bd516f228a4a6c3aa841c7a7eba0

SHA512
ff5d2c93d2af632eb449d6dac8aeb9049a1a5eea368f04790bec761093aeb3c3ce302832ee8390be758f17fb3494bdad2a29c34452c61c949e56c4396817ef82

Download Submit