ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0

General

Target

ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe
Size

728KB
MD5

fcfea5b5ee2bc17fbc364fdb8a0ca2df
SHA1

0998ad4a8c5eaf83cdd0bb82b3142946efa5066a
SHA256

ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0
SHA512

1cb4fa2034458b0570129f495d685f143ff66a66f4b64f2558745b64a58620cf2cc453100fb751faf454bb0da20b991b9c542869d7851d1d158b4e94844619a0
SSDEEP

12288:P+BhHODYCNq5PFL3VldHxee67IwiWjV5VwzgNDxRiu78Cu:P+BhHOkCNq5lllZxb6ae/ogNNRiuYCu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
768	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe

Loads dropped DLL 1 IoCs

pid	Process
1984	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
768	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe
768	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe
768	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe
768	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe
768	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe
768	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe
768	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe
768	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe
768	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe
768	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1984	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1984	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe
1984	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe
768	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe
768	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 768	1984	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe	28
PID 1984 wrote to memory of 768	1984	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe	28
PID 1984 wrote to memory of 768	1984	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe	28
PID 1984 wrote to memory of 768	1984	ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe	28

C:\Users\Admin\AppData\Local\Temp\ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe
"C:\Users\Admin\AppData\Local\Temp\ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Users\Admin\AppData\Local\Temp\ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe
  C:\Users\Admin\AppData\Local\Temp\ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe --
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe

Filesize
729KB

MD5
d2ff5d22d0abe228e8bca9ccefa40947

SHA1
f2616b881b07f4ab9803f92dee51250e27afa15d

SHA256
824ee56a98eb2e47c9991f0559636e43ae780968007ee1e64ad6c94bcf715989

SHA512
17b4f1307233000d073e84e97ecef75a1e639151ff2d35763493c2e89d3bb57179c3a94ddbde91719b97fdf02a58a790303753e704843a6ca856a1585032dd86

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe

Filesize
729KB

MD5
d2ff5d22d0abe228e8bca9ccefa40947

SHA1
f2616b881b07f4ab9803f92dee51250e27afa15d

SHA256
824ee56a98eb2e47c9991f0559636e43ae780968007ee1e64ad6c94bcf715989

SHA512
17b4f1307233000d073e84e97ecef75a1e639151ff2d35763493c2e89d3bb57179c3a94ddbde91719b97fdf02a58a790303753e704843a6ca856a1585032dd86

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe

Filesize
729KB

MD5
96f14e0d35a7bc55dd8432dc9d7de0fa

SHA1
e22964ed557b9b0fbaae548e3e0d557d22ffeba7

SHA256
d76251ff8c00747c9c88afc93fb1a9f77f5c07bf3eaf96e47c2b768c1103fcd3

SHA512
55f6d2d6cc09e2b82e69b9a71a2ee796b18c4baf4783b1eebfc6ed0dbfa826b6bf6f2cc818dc25fe722c2ff4e455e1596f8f793055424713a53ef0f8b10750ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe.bak

Filesize
728KB

MD5
1a8f6cb088fb16b772bc7d8f9c3c1bbd

SHA1
1026ae18ac1f373e6bdc9140c798134892a9fde1

SHA256
e7a131696b5bbee32591fcbf687d27a28a3cd591be61e784d52344eccaea41a4

SHA512
247a9dd87ce19ab9ffc5e22b90dc871f57ed61b21b10094eb23406be82f7e7e502dda5be243ab6b127b31c78c4ea276ef2d674d1354a277ed39350835b5a10b2

Download Submit
\Users\Admin\AppData\Local\Temp\ec13b3baffc45cda2f9ad19739c5371e0dc1279b939d0cea16d228c2deb5ebf0.exe

Filesize
729KB

MD5
d2ff5d22d0abe228e8bca9ccefa40947

SHA1
f2616b881b07f4ab9803f92dee51250e27afa15d

SHA256
824ee56a98eb2e47c9991f0559636e43ae780968007ee1e64ad6c94bcf715989

SHA512
17b4f1307233000d073e84e97ecef75a1e639151ff2d35763493c2e89d3bb57179c3a94ddbde91719b97fdf02a58a790303753e704843a6ca856a1585032dd86

Download Submit
memory/1984-12-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download

Analysis

Sharing