afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0

General

Target

afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe
Size

729KB
MD5

eed8d1e6bb54252cbeba6f0002941486
SHA1

936a55c11ef68412be6ae9a8bedd85cb2a042409
SHA256

afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0
SHA512

2d13acd7598a94219e0d1cf613da78258ec8636fd4d6a31768cacaa9c826565595cd896447aed9e0247bf62e3b475483ef7bf4a60d124a50f585795e28ca9735
SSDEEP

12288:O+BhHODYCNq5PFL3VldHxee67IwiWjV5VwzgNDxRihF+CD:O+BhHOkCNq5lllZxb6ae/ogNNRihgCD

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2848	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe

Loads dropped DLL 1 IoCs

pid	Process
2032	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2848	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe
2848	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe
2848	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe
2848	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe
2848	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe
2848	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe
2848	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe
2848	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe
2848	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe
2848	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2032	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2032	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe
2032	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe
2848	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe
2848	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2848	2032	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe	28
PID 2032 wrote to memory of 2848	2032	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe	28
PID 2032 wrote to memory of 2848	2032	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe	28
PID 2032 wrote to memory of 2848	2032	afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe	28

C:\Users\Admin\AppData\Local\Temp\afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe
"C:\Users\Admin\AppData\Local\Temp\afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Users\Admin\AppData\Local\Temp\afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe
  C:\Users\Admin\AppData\Local\Temp\afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe --
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe

Filesize
729KB

MD5
a598a495a004bd555e2bfd981f48a777

SHA1
c34d9692142ebfe856c126e7993bd5a858b33e6e

SHA256
458da22e0a492306c544ba30098863452978df675f572e4de3f5ab1c8c45c7b8

SHA512
8a7832e8acee6cf414db0936f20fe6ad6b4d85f9d663b53f76dcb1d1af6587f106cff43fde297c5286f8b205f3edea72aa466680ddf6f71abef819ef0ce96227

Download Submit
C:\Users\Admin\AppData\Local\Temp\afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe

Filesize
729KB

MD5
a598a495a004bd555e2bfd981f48a777

SHA1
c34d9692142ebfe856c126e7993bd5a858b33e6e

SHA256
458da22e0a492306c544ba30098863452978df675f572e4de3f5ab1c8c45c7b8

SHA512
8a7832e8acee6cf414db0936f20fe6ad6b4d85f9d663b53f76dcb1d1af6587f106cff43fde297c5286f8b205f3edea72aa466680ddf6f71abef819ef0ce96227

Download Submit
C:\Users\Admin\AppData\Local\Temp\afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe

Filesize
729KB

MD5
aafc115d1e7e34b3b0e8e75caa9ff99f

SHA1
18d4183d95757b46939cac705dd2eeeb1aea3575

SHA256
90b219997386721ef6fe6b02cfd1a40a0ac042f52d7dc8def6cfdc2511934105

SHA512
3dc27b38502533a39572e3689d40c701694b7424b42761fc5f284eba53d754a6ab172327905028360af2a29c69cdaa09cd3b31cdc63717375803f128ce86c35c

Download Submit
C:\Users\Admin\AppData\Local\Temp\afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe.bak

Filesize
729KB

MD5
4a1e97895aaaa30714997aee639b8e2b

SHA1
06fcf10ce1f0b185bea6db010fb2b10f11f00760

SHA256
1adfb36b8803b2d2e3add0e3d16f7e45c694156d4725422da15d4a2ae4baa988

SHA512
3bc08faf9104b33d5a03dba73901387b20baaeebce53b00c75eb851e455a01784cbdcb65f332f92af4ecae0d3766843d03fd314e4baaa24b5b90aa5a4f50a53c

Download Submit
\Users\Admin\AppData\Local\Temp\afd278546db8ac9ffac1c31d22fe52a3c099caae94f4e9d14f9fdcd590709dd0.exe

Filesize
729KB

MD5
a598a495a004bd555e2bfd981f48a777

SHA1
c34d9692142ebfe856c126e7993bd5a858b33e6e

SHA256
458da22e0a492306c544ba30098863452978df675f572e4de3f5ab1c8c45c7b8

SHA512
8a7832e8acee6cf414db0936f20fe6ad6b4d85f9d663b53f76dcb1d1af6587f106cff43fde297c5286f8b205f3edea72aa466680ddf6f71abef819ef0ce96227

Download Submit
memory/2032-12-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download

Analysis

Sharing