958ba3838be4c5ba524928c997969174550e93aaeff81d01a1a01a8eea25b50b

Analysis

max time kernel
151s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 15:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

958ba3838be4c5ba524928c997969174550e93aaeff81d01a1a01a8eea25b50b.exe
Size

4.9MB
MD5

692d210893f58dea8ccd085335be10a2
SHA1

2c0253db0775f453dbb4bc0600e6318db335c115
SHA256

958ba3838be4c5ba524928c997969174550e93aaeff81d01a1a01a8eea25b50b
SHA512

8313cc5d246e7806d518d068b498ac5f5f15204510a4713b5e8894d570affe1e2dbeb82782c86da089e41a8b8b1195aefecea3f060579fd102fdd9197f19fec1
SSDEEP

98304:riTy7MtmDHHB0d2F2SsSAZit1jauAVRWJ8fYas0OSEL1mS1D:rBHHBr21SeU1jauAV08Bs0Ol1D

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1420	958ba3838be4c5ba524928c997969174550e93aaeff81d01a1a01a8eea25b50b.tmp
5044	myaz.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1420	958ba3838be4c5ba524928c997969174550e93aaeff81d01a1a01a8eea25b50b.tmp
1420	958ba3838be4c5ba524928c997969174550e93aaeff81d01a1a01a8eea25b50b.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1420	958ba3838be4c5ba524928c997969174550e93aaeff81d01a1a01a8eea25b50b.tmp

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5044	myaz.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3316 wrote to memory of 1420	3316	958ba3838be4c5ba524928c997969174550e93aaeff81d01a1a01a8eea25b50b.exe	82
PID 3316 wrote to memory of 1420	3316	958ba3838be4c5ba524928c997969174550e93aaeff81d01a1a01a8eea25b50b.exe	82
PID 3316 wrote to memory of 1420	3316	958ba3838be4c5ba524928c997969174550e93aaeff81d01a1a01a8eea25b50b.exe	82
PID 1420 wrote to memory of 5044	1420	958ba3838be4c5ba524928c997969174550e93aaeff81d01a1a01a8eea25b50b.tmp	85
PID 1420 wrote to memory of 5044	1420	958ba3838be4c5ba524928c997969174550e93aaeff81d01a1a01a8eea25b50b.tmp	85
PID 1420 wrote to memory of 5044	1420	958ba3838be4c5ba524928c997969174550e93aaeff81d01a1a01a8eea25b50b.tmp	85

C:\Users\Admin\AppData\Local\Temp\958ba3838be4c5ba524928c997969174550e93aaeff81d01a1a01a8eea25b50b.exe
"C:\Users\Admin\AppData\Local\Temp\958ba3838be4c5ba524928c997969174550e93aaeff81d01a1a01a8eea25b50b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3316
- C:\Users\Admin\AppData\Local\Temp\is-3KHE0.tmp\958ba3838be4c5ba524928c997969174550e93aaeff81d01a1a01a8eea25b50b.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-3KHE0.tmp\958ba3838be4c5ba524928c997969174550e93aaeff81d01a1a01a8eea25b50b.tmp" /SL5="$B0060,4250471,1084416,C:\Users\Admin\AppData\Local\Temp\958ba3838be4c5ba524928c997969174550e93aaeff81d01a1a01a8eea25b50b.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1420
- - C:\Users\Admin\AppData\Local\Temp\is-CLEFM.tmp\myaz.exe
    "C:\Users\Admin\AppData\Local\Temp\is-CLEFM.tmp\myaz.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-3KHE0.tmp\958ba3838be4c5ba524928c997969174550e93aaeff81d01a1a01a8eea25b50b.tmp

Filesize
3.2MB

MD5
375575d97681b415ebc5b1b518dcc424

SHA1
57e4a6009cd07c07243b06d79d51a4c388ab5f7e

SHA256
dfa704bdd1ec468a17ca80b2e162efbcdc6efc3e884557773ba33975b07534aa

SHA512
40fe0244a03231c39649f62607998b609780db20c656ed42c91d0be20bd35ecdd9e37adb6d5a519d2df42ca164511d6eee8daeec61e889a81bca0f20aeb1bc95

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CLEFM.tmp\myaz.exe

Filesize
200KB

MD5
5e4b69551e289b363f096f51e3766218

SHA1
ffd0e4a82c3957931ebe0074040ab7dea612b756

SHA256
e7dd174e4afa985b3359e6423bd4132928b61c60003e21f3f9857f143d612b90

SHA512
921ecf0c00d69111a9884d062a1e8761b1c8b9c975bee1c00d0e3d377c2f4ae2827612b52e12eee078f8f205f5668b40db93801d38862396eb538c923f3b23ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CLEFM.tmp\myaz.exe

Filesize
200KB

MD5
5e4b69551e289b363f096f51e3766218

SHA1
ffd0e4a82c3957931ebe0074040ab7dea612b756

SHA256
e7dd174e4afa985b3359e6423bd4132928b61c60003e21f3f9857f143d612b90

SHA512
921ecf0c00d69111a9884d062a1e8761b1c8b9c975bee1c00d0e3d377c2f4ae2827612b52e12eee078f8f205f5668b40db93801d38862396eb538c923f3b23ad

Download Submit
memory/1420-6-0x0000000000920000-0x0000000000921000-memory.dmp

Filesize
4KB

Download
memory/1420-80-0x0000000000400000-0x000000000074E000-memory.dmp

Filesize
3.3MB

Download
memory/1420-81-0x0000000000920000-0x0000000000921000-memory.dmp

Filesize
4KB

Download
memory/3316-1-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/3316-79-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download