75097ece457a1d966c411d6f2a7b945fa6c8cb22f95e63f394872d368bc228e5

Analysis

max time kernel
145s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
25-08-2023 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75097ece457a1d966c411d6f2a7b945fa6c8cb22f95e63f394872d368bc228e5.exe
Size

1.2MB
MD5

8041f24c6dfca5242e7a7a98c34c91f4
SHA1

960b669f7fa4bd28e2c1f07e6d84c949441eb504
SHA256

75097ece457a1d966c411d6f2a7b945fa6c8cb22f95e63f394872d368bc228e5
SHA512

41e349129dc8d171905e140489b426cec949a50ede80399bd19cd407712cb0a9e5194703b4d7dadc58a40b7405f6f546565f705c322133b7ae2517154a4fac44
SSDEEP

24576:nAfjT/yriGf5t5emhtM74h16OLsC4kVzrSyovnmorhfVu+tgqIsXqA:wjTKrtxtAGtM74rVfUtvFfrxqA

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2800	svchost.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2124-3-0x00000000002E0000-0x00000000002EB000-memory.dmp	upx
behavioral1/memory/2124-0-0x0000000010000000-0x000000001001E000-memory.dmp	upx
behavioral1/memory/2124-4-0x0000000010000000-0x000000001001E000-memory.dmp	upx
behavioral1/memory/2800-11-0x0000000010000000-0x000000001001E000-memory.dmp	upx
behavioral1/memory/2800-14-0x00000000002D0000-0x00000000002DB000-memory.dmp	upx
behavioral1/memory/2124-16-0x00000000002E0000-0x00000000002EB000-memory.dmp	upx
behavioral1/memory/2800-18-0x0000000010000000-0x000000001001E000-memory.dmp	upx
behavioral1/memory/2800-20-0x00000000002D0000-0x00000000002DB000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 60 IoCs

pid	Process
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe
2800	svchost.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2124	75097ece457a1d966c411d6f2a7b945fa6c8cb22f95e63f394872d368bc228e5.exe
2124	75097ece457a1d966c411d6f2a7b945fa6c8cb22f95e63f394872d368bc228e5.exe
2800	svchost.exe
2800	svchost.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2800	2124	75097ece457a1d966c411d6f2a7b945fa6c8cb22f95e63f394872d368bc228e5.exe	28
PID 2124 wrote to memory of 2800	2124	75097ece457a1d966c411d6f2a7b945fa6c8cb22f95e63f394872d368bc228e5.exe	28
PID 2124 wrote to memory of 2800	2124	75097ece457a1d966c411d6f2a7b945fa6c8cb22f95e63f394872d368bc228e5.exe	28
PID 2124 wrote to memory of 2800	2124	75097ece457a1d966c411d6f2a7b945fa6c8cb22f95e63f394872d368bc228e5.exe	28

C:\Users\Admin\AppData\Local\Temp\75097ece457a1d966c411d6f2a7b945fa6c8cb22f95e63f394872d368bc228e5.exe
"C:\Users\Admin\AppData\Local\Temp\75097ece457a1d966c411d6f2a7b945fa6c8cb22f95e63f394872d368bc228e5.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2124
- F:\svchost.exe
  F:\svchost.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

F:\svchost.exe

Filesize
1.2MB

MD5
8041f24c6dfca5242e7a7a98c34c91f4

SHA1
960b669f7fa4bd28e2c1f07e6d84c949441eb504

SHA256
75097ece457a1d966c411d6f2a7b945fa6c8cb22f95e63f394872d368bc228e5

SHA512
41e349129dc8d171905e140489b426cec949a50ede80399bd19cd407712cb0a9e5194703b4d7dadc58a40b7405f6f546565f705c322133b7ae2517154a4fac44

Download Submit
memory/2124-16-0x00000000002E0000-0x00000000002EB000-memory.dmp

Filesize
44KB

Download
memory/2124-0-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/2124-4-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/2124-1-0x0000000000400000-0x0000000000773000-memory.dmp

Filesize
3.4MB

Download
memory/2124-9-0x00000000028A0000-0x0000000002C13000-memory.dmp

Filesize
3.4MB

Download
memory/2124-3-0x00000000002E0000-0x00000000002EB000-memory.dmp

Filesize
44KB

Download
memory/2124-15-0x0000000000400000-0x0000000000773000-memory.dmp

Filesize
3.4MB

Download
memory/2800-10-0x0000000000400000-0x0000000000773000-memory.dmp

Filesize
3.4MB

Download
memory/2800-11-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/2800-14-0x00000000002D0000-0x00000000002DB000-memory.dmp

Filesize
44KB

Download
memory/2800-17-0x0000000000400000-0x0000000000773000-memory.dmp

Filesize
3.4MB

Download
memory/2800-18-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/2800-20-0x00000000002D0000-0x00000000002DB000-memory.dmp

Filesize
44KB

Download