16338462420fdfb4c6f69b08c81ba7f5a336aeff7d40538e4c64eb4890db9fb3

General

Target

16338462420fdfb4c6f69b08c81ba7f5a336aeff7d40538e4c64eb4890db9fb3.exe
Size

12.0MB
MD5

387a047fb2638ca770023bf9efa08992
SHA1

56d322e229d00b5d775263afe5272c98946431dd
SHA256

16338462420fdfb4c6f69b08c81ba7f5a336aeff7d40538e4c64eb4890db9fb3
SHA512

843ba6f7786cdb8b4f0b14461e03571df479f74ad250869acd7abe295f0fd3c576f8c042be6b7a721b265f26ba96a55916df2cd535f6612884bc5b7b256b0790
SSDEEP

196608:gFuam2FbKedfx1FDsKPKeH83PCic59CWTevm2UEpRNb3NjDfoyVZKt8AI:gFRt+edfjFPmUSvm2BzBhT5V3

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2360	cmd.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2996	16338462420fdfb4c6f69b08c81ba7f5a336aeff7d40538e4c64eb4890db9fb3.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2996	16338462420fdfb4c6f69b08c81ba7f5a336aeff7d40538e4c64eb4890db9fb3.exe
2996	16338462420fdfb4c6f69b08c81ba7f5a336aeff7d40538e4c64eb4890db9fb3.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2996	16338462420fdfb4c6f69b08c81ba7f5a336aeff7d40538e4c64eb4890db9fb3.exe
2996	16338462420fdfb4c6f69b08c81ba7f5a336aeff7d40538e4c64eb4890db9fb3.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2996	16338462420fdfb4c6f69b08c81ba7f5a336aeff7d40538e4c64eb4890db9fb3.exe
2996	16338462420fdfb4c6f69b08c81ba7f5a336aeff7d40538e4c64eb4890db9fb3.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2996	16338462420fdfb4c6f69b08c81ba7f5a336aeff7d40538e4c64eb4890db9fb3.exe
2996	16338462420fdfb4c6f69b08c81ba7f5a336aeff7d40538e4c64eb4890db9fb3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2360	2996	16338462420fdfb4c6f69b08c81ba7f5a336aeff7d40538e4c64eb4890db9fb3.exe	31
PID 2996 wrote to memory of 2360	2996	16338462420fdfb4c6f69b08c81ba7f5a336aeff7d40538e4c64eb4890db9fb3.exe	31
PID 2996 wrote to memory of 2360	2996	16338462420fdfb4c6f69b08c81ba7f5a336aeff7d40538e4c64eb4890db9fb3.exe	31
PID 2996 wrote to memory of 2360	2996	16338462420fdfb4c6f69b08c81ba7f5a336aeff7d40538e4c64eb4890db9fb3.exe	31

C:\Users\Admin\AppData\Local\Temp\16338462420fdfb4c6f69b08c81ba7f5a336aeff7d40538e4c64eb4890db9fb3.exe
"C:\Users\Admin\AppData\Local\Temp\16338462420fdfb4c6f69b08c81ba7f5a336aeff7d40538e4c64eb4890db9fb3.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\×ÔÉ±.bat
  2⤵
  - Deletes itself
  PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\16338462420fdfb4c6f69b08c81ba7f5a336aeff7d40538e4c64eb4890db9fb3.exe1.exe

Filesize
12.0MB

MD5
a04f6ea1460283a5932b196711395ddd

SHA1
79f00e3527d60617a4e4242024f5472fa186d899

SHA256
7b822465920eefd9ca4561c1979a15594712af69d56820f46beda68c829dc4fb

SHA512
20c43d1d9e2ced268be6eeaf72120de24bf9dbff509d7207f8b8c50d310b856a1a7a90d347f39db5440d8e94f464d95116ab749c243bb3af28f48522cfaead5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\×ÔÉ±.bat

Filesize
557B

MD5
6ededd016efddcd35d2c4e1530c47fce

SHA1
7d14ca51b9af246dff14ff8d818eb6c144c73d26

SHA256
b3451b1ac916da42e835b74ceb434dd9b9e7ca2ca6ad5025e051bcbbacc4fe1c

SHA512
1f8a5a9201ad0781f4c549ecf4f0280e7f4d68d28cc96452c0c928010c4797782d78f427ed22cc13cc9d0505829ef350f2deb60723811903db47ce653d351f05

Download Submit
C:\Users\Admin\AppData\Local\Temp\×ÔÉ±.bat

Filesize
557B

MD5
6ededd016efddcd35d2c4e1530c47fce

SHA1
7d14ca51b9af246dff14ff8d818eb6c144c73d26

SHA256
b3451b1ac916da42e835b74ceb434dd9b9e7ca2ca6ad5025e051bcbbacc4fe1c

SHA512
1f8a5a9201ad0781f4c549ecf4f0280e7f4d68d28cc96452c0c928010c4797782d78f427ed22cc13cc9d0505829ef350f2deb60723811903db47ce653d351f05

Download Submit
memory/2996-21-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2996-24-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2996-8-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2996-10-0x0000000000400000-0x000000000269F000-memory.dmp

Filesize
34.6MB

Download
memory/2996-11-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2996-19-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2996-16-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2996-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2996-14-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2996-6-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2996-31-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2996-29-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2996-26-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2996-32-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2996-34-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2996-36-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2996-5-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2996-2-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2996-50-0x0000000000400000-0x000000000269F000-memory.dmp

Filesize
34.6MB

Download
memory/2996-3-0x0000000000400000-0x000000000269F000-memory.dmp

Filesize
34.6MB

Download

Analysis

Sharing