4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1

General

Target

4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1.exe
Size

7.2MB
MD5

7ac7f268087b0164d23cf137e7d88a14
SHA1

d54078baed565c9077ea8e6c4ed06c5c53512a63
SHA256

4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1
SHA512

a41039b06f8687e306e94f564359e0c65fe6d25f3e508d7461d67b6c293c4e05d4d94534cf2290ea847cb4a5ebc32aa5a01087080a9e4d0dd10fc0432be38a3c
SSDEEP

196608:PXyfFicf/8ReQ1cr81wb8FYLPJv9MvyaeTXLK2xBKn:Py4cf0ReJrb889MvUTXbxYn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3068	spr.prx

Loads dropped DLL 3 IoCs

pid	Process
2808	4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1.exe
2808	4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1.exe
3068	spr.prx

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3068	spr.prx
3068	spr.prx
3068	spr.prx

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3068	spr.prx
3068	spr.prx
3068	spr.prx

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2808	4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1.exe
2808	4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1.exe
3068	spr.prx
3068	spr.prx
3068	spr.prx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 3068	2808	4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1.exe	28
PID 2808 wrote to memory of 3068	2808	4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1.exe	28
PID 2808 wrote to memory of 3068	2808	4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1.exe	28
PID 2808 wrote to memory of 3068	2808	4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1.exe	28

C:\Users\Admin\AppData\Local\Temp\4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1.exe
"C:\Users\Admin\AppData\Local\Temp\4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Users\Admin\AppData\Local\Temp\spr.prx
  C:\Users\Admin\AppData\Local\Temp\spr.prx
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\WINSPOOL.DRV

Filesize
1.3MB

MD5
ba9ab944dbcab2aeaa3ac90456efc8f3

SHA1
9211649a38fe56205d9aa49c85027e0fee78bde5

SHA256
700c81b0791c763951d572f562127943486fc72cba18ad544d92b1f993dd985a

SHA512
d69946183c675bd62af8a2919a3c6bb3f4a2f51802f906eac2530a08052a4b6cd5289379aaa2bfc80ee80fbfc3b4b6cef2dcdd167edca07ea065f772fd788e93

Download Submit
C:\Users\Admin\AppData\Local\Temp\f7780c4.tmp

Filesize
13KB

MD5
f4ac318a68081b2d2d7dd817dfde5f0b

SHA1
d6f905f582ccf950919368ce80fb71f3aaf30aec

SHA256
f6595e48c3840b0d3d124dd5ad3d03f8fc4e2e114f8ebeb54330a34c5c6b5064

SHA512
8629ddfde3d8af8bb8d854bdfcd58f56efbbeb8aeb71396624f2670c3c97966030492e233bbc6e59b038dc5a21576578b17931dee4385b9a3c4232450afe8712

Download Submit
C:\Users\Admin\AppData\Local\Temp\spr.prx

Filesize
6.6MB

MD5
5dec8a8d99a7fb0bc397926e758a0288

SHA1
2c88a174e78ce49f7c4c5abe3b33e2c9880d97b9

SHA256
4fb19c11d602c06bb2c4aca24431c4f5408ddf65246133be76654efcb56b2bc0

SHA512
e75ba2dd2d46c387571bb016e2852b26277d25f3c6797c75f0124f4560b5f0d6d7ab4ba3ccee4d15419a1a07c84d504df0a4b3aa94bd86c28542ac568596bc7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\spr.prx

Filesize
6.6MB

MD5
5dec8a8d99a7fb0bc397926e758a0288

SHA1
2c88a174e78ce49f7c4c5abe3b33e2c9880d97b9

SHA256
4fb19c11d602c06bb2c4aca24431c4f5408ddf65246133be76654efcb56b2bc0

SHA512
e75ba2dd2d46c387571bb016e2852b26277d25f3c6797c75f0124f4560b5f0d6d7ab4ba3ccee4d15419a1a07c84d504df0a4b3aa94bd86c28542ac568596bc7e

Download Submit
\Users\Admin\AppData\Local\Temp\spr.prx

Filesize
6.6MB

MD5
5dec8a8d99a7fb0bc397926e758a0288

SHA1
2c88a174e78ce49f7c4c5abe3b33e2c9880d97b9

SHA256
4fb19c11d602c06bb2c4aca24431c4f5408ddf65246133be76654efcb56b2bc0

SHA512
e75ba2dd2d46c387571bb016e2852b26277d25f3c6797c75f0124f4560b5f0d6d7ab4ba3ccee4d15419a1a07c84d504df0a4b3aa94bd86c28542ac568596bc7e

Download Submit
\Users\Admin\AppData\Local\Temp\spr.prx

Filesize
6.6MB

MD5
5dec8a8d99a7fb0bc397926e758a0288

SHA1
2c88a174e78ce49f7c4c5abe3b33e2c9880d97b9

SHA256
4fb19c11d602c06bb2c4aca24431c4f5408ddf65246133be76654efcb56b2bc0

SHA512
e75ba2dd2d46c387571bb016e2852b26277d25f3c6797c75f0124f4560b5f0d6d7ab4ba3ccee4d15419a1a07c84d504df0a4b3aa94bd86c28542ac568596bc7e

Download Submit
\Users\Admin\AppData\Local\Temp\winspool.drv

Filesize
1.3MB

MD5
ba9ab944dbcab2aeaa3ac90456efc8f3

SHA1
9211649a38fe56205d9aa49c85027e0fee78bde5

SHA256
700c81b0791c763951d572f562127943486fc72cba18ad544d92b1f993dd985a

SHA512
d69946183c675bd62af8a2919a3c6bb3f4a2f51802f906eac2530a08052a4b6cd5289379aaa2bfc80ee80fbfc3b4b6cef2dcdd167edca07ea065f772fd788e93

Download Submit
memory/2808-0-0x0000000000400000-0x00000000013EA000-memory.dmp

Filesize
15.9MB

Download
memory/2808-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2808-2-0x0000000000400000-0x00000000013EA000-memory.dmp

Filesize
15.9MB

Download
memory/2808-15-0x0000000000400000-0x00000000013EA000-memory.dmp

Filesize
15.9MB

Download
memory/3068-31-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/3068-30-0x0000000076D00000-0x0000000076D35000-memory.dmp

Filesize
212KB

Download
memory/3068-34-0x0000000003500000-0x0000000003501000-memory.dmp

Filesize
4KB

Download
memory/3068-33-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/3068-32-0x00000000034B0000-0x00000000034B1000-memory.dmp

Filesize
4KB

Download
memory/3068-35-0x0000000003480000-0x0000000003481000-memory.dmp

Filesize
4KB

Download
memory/3068-36-0x0000000003680000-0x0000000003681000-memory.dmp

Filesize
4KB

Download
memory/3068-37-0x00000000036A0000-0x00000000036A1000-memory.dmp

Filesize
4KB

Download
memory/3068-38-0x0000000003AF0000-0x0000000003AF1000-memory.dmp

Filesize
4KB

Download
memory/3068-39-0x0000000003B40000-0x0000000003B41000-memory.dmp

Filesize
4KB

Download
memory/3068-40-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/3068-47-0x0000000003CC0000-0x0000000003CC1000-memory.dmp

Filesize
4KB

Download
memory/3068-27-0x0000000000400000-0x0000000001267000-memory.dmp

Filesize
14.4MB

Download

Analysis

Sharing