4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1

Analysis

max time kernel
134s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2023 05:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1.exe
Size

7.2MB
MD5

7ac7f268087b0164d23cf137e7d88a14
SHA1

d54078baed565c9077ea8e6c4ed06c5c53512a63
SHA256

4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1
SHA512

a41039b06f8687e306e94f564359e0c65fe6d25f3e508d7461d67b6c293c4e05d4d94534cf2290ea847cb4a5ebc32aa5a01087080a9e4d0dd10fc0432be38a3c
SSDEEP

196608:PXyfFicf/8ReQ1cr81wb8FYLPJv9MvyaeTXLK2xBKn:Py4cf0ReJrb889MvUTXbxYn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
552	spr.prx

Loads dropped DLL 1 IoCs

pid	Process
552	spr.prx

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
552	spr.prx
552	spr.prx
552	spr.prx

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
552	spr.prx
552	spr.prx
552	spr.prx

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1972	4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1.exe
1972	4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1.exe
552	spr.prx
552	spr.prx
552	spr.prx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 552	1972	4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1.exe	90
PID 1972 wrote to memory of 552	1972	4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1.exe	90
PID 1972 wrote to memory of 552	1972	4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1.exe	90

C:\Users\Admin\AppData\Local\Temp\4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1.exe
"C:\Users\Admin\AppData\Local\Temp\4c51c19778965eeabbbe8b99c0f125f625082929ce5d2cd5436f6f6bbcf429f1.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Users\Admin\AppData\Local\Temp\spr.prx
  C:\Users\Admin\AppData\Local\Temp\spr.prx
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\WINSPOOL.DRV

Filesize
1.3MB

MD5
ba9ab944dbcab2aeaa3ac90456efc8f3

SHA1
9211649a38fe56205d9aa49c85027e0fee78bde5

SHA256
700c81b0791c763951d572f562127943486fc72cba18ad544d92b1f993dd985a

SHA512
d69946183c675bd62af8a2919a3c6bb3f4a2f51802f906eac2530a08052a4b6cd5289379aaa2bfc80ee80fbfc3b4b6cef2dcdd167edca07ea065f772fd788e93

Download Submit
C:\Users\Admin\AppData\Local\Temp\e58aa26.tmp

Filesize
13KB

MD5
f4ac318a68081b2d2d7dd817dfde5f0b

SHA1
d6f905f582ccf950919368ce80fb71f3aaf30aec

SHA256
f6595e48c3840b0d3d124dd5ad3d03f8fc4e2e114f8ebeb54330a34c5c6b5064

SHA512
8629ddfde3d8af8bb8d854bdfcd58f56efbbeb8aeb71396624f2670c3c97966030492e233bbc6e59b038dc5a21576578b17931dee4385b9a3c4232450afe8712

Download Submit
C:\Users\Admin\AppData\Local\Temp\spr.prx

Filesize
6.6MB

MD5
5dec8a8d99a7fb0bc397926e758a0288

SHA1
2c88a174e78ce49f7c4c5abe3b33e2c9880d97b9

SHA256
4fb19c11d602c06bb2c4aca24431c4f5408ddf65246133be76654efcb56b2bc0

SHA512
e75ba2dd2d46c387571bb016e2852b26277d25f3c6797c75f0124f4560b5f0d6d7ab4ba3ccee4d15419a1a07c84d504df0a4b3aa94bd86c28542ac568596bc7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\spr.prx

Filesize
6.6MB

MD5
5dec8a8d99a7fb0bc397926e758a0288

SHA1
2c88a174e78ce49f7c4c5abe3b33e2c9880d97b9

SHA256
4fb19c11d602c06bb2c4aca24431c4f5408ddf65246133be76654efcb56b2bc0

SHA512
e75ba2dd2d46c387571bb016e2852b26277d25f3c6797c75f0124f4560b5f0d6d7ab4ba3ccee4d15419a1a07c84d504df0a4b3aa94bd86c28542ac568596bc7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\winspool.drv

Filesize
1.3MB

MD5
ba9ab944dbcab2aeaa3ac90456efc8f3

SHA1
9211649a38fe56205d9aa49c85027e0fee78bde5

SHA256
700c81b0791c763951d572f562127943486fc72cba18ad544d92b1f993dd985a

SHA512
d69946183c675bd62af8a2919a3c6bb3f4a2f51802f906eac2530a08052a4b6cd5289379aaa2bfc80ee80fbfc3b4b6cef2dcdd167edca07ea065f772fd788e93

Download Submit
memory/552-25-0x0000000000400000-0x0000000001267000-memory.dmp

Filesize
14.4MB

Download
memory/1972-3-0x0000000000400000-0x00000000013EA000-memory.dmp

Filesize
15.9MB

Download
memory/1972-4-0x0000000000400000-0x00000000013EA000-memory.dmp

Filesize
15.9MB

Download
memory/1972-0-0x0000000000400000-0x00000000013EA000-memory.dmp

Filesize
15.9MB

Download
memory/1972-14-0x00000000016A0000-0x00000000016A1000-memory.dmp

Filesize
4KB

Download
memory/1972-15-0x0000000000400000-0x00000000013EA000-memory.dmp

Filesize
15.9MB

Download
memory/1972-2-0x00000000016A0000-0x00000000016A1000-memory.dmp

Filesize
4KB

Download
memory/1972-1-0x0000000000400000-0x00000000013EA000-memory.dmp

Filesize
15.9MB

Download