Analysis
max time kernel: 141s
max time network: 125s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 13-10-2023 13:07
Static task: static1
Behavioral task: behavioral1
  Sample: 1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe
  Resource: win10v2004-20230915-en
General
Target: 1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe
Size: 14.7MB
MD5: 5310c5d1b22e9a93e6fd9f485d36cb24
SHA1: 4f11bbdb5f7f289c42ad83fa8a19e01973f1d5a3
SHA256: 1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b
SHA512: 8c47561789c861c7e901ee0729276a8fcf23c1cb13be0863de8194ef3f5328ddb66fa4708813bd01ec79b6cdf7294d9b16b42c416fd3ca6d70ecca2a0a01b2d0
SSDEEP: 393216:EV0vQWz99TdizRzol+g3viKW/60r9zR+OsOge:a0vBzdYoDKL7TsW
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx (4 IoCs)
  Processes:
  pid   process
  1748  1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe
  1748  1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe
  1748  1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe
  1748  1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe
- Suspicious use of WriteProcessMemory (8 IoCs)
  Processes:
  description                        pid   process                                                                   target process
  PID 1748 wrote to memory of 1700   1748  1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe  cmd.exe
  PID 1748 wrote to memory of 1700   1748  1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe  cmd.exe
  PID 1748 wrote to memory of 1700   1748  1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe  cmd.exe
  PID 1748 wrote to memory of 1700   1748  1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe  cmd.exe
  PID 1748 wrote to memory of 772    1748  1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe  cmd.exe
  PID 1748 wrote to memory of 772    1748  1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe  cmd.exe
  PID 1748 wrote to memory of 772    1748  1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe  cmd.exe
  PID 1748 wrote to memory of 772    1748  1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe  cmd.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe"
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe
    Command line: cmd /c del "C:\Users\Admin\AppData\Local\Temp\*4cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exe"
  - C:\Windows\SysWOW64\cmd.exe
    Command line: cmd /c del "C:\Users\Admin\AppData\Local\Temp\*.dll"
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\1a94cb45041d8ced1b80273edf82f32c865cdab50737621ceb6f2123a72d998b.exepack.tmp
  Filesize: 2KB
  MD5: bb926f5c513a3b17329953b9abf883b4
  SHA1: c50ad74e77564716ecb1e7a55d7399cb7f43fc9c
  SHA256: 832a829f0186fd556955ebe1c0504ea63f5d242215a1939a535834167cfceb1b
  SHA512: db84f170164f3d229e0ee4320951e288291ae1222cc7ddf9cd413d15801edf63fe062bd47155ecb61f3c3ea426707a74065e070b2bde0b592f0f52edbf279ae1
- C:\Users\Admin\AppData\Local\Temp\b6905004ad0b4b2ce6c29da0af270168.ini
  Filesize: 1KB
  MD5: 41a76be28a92c7c81455fc63e4546e70
  SHA1: 9c676cda2bf6f7baf57b4e44290de2bc343dada0
  SHA256: d01b3cce5a64e600a2a0cbd2f793112869cefdc85215ddf058cce265adabe375
  SHA512: c88bc72b17d26da1e2caf33ac9cd811cfc0e1f04bfc13c5a15cdca8b58266650d32ce9db234dcdfbdd07753fc83733d770e24e526fec23973a6e8507a5800a25
- C:\Users\Admin\AppData\Local\Temp\b6905004ad0b4b2ce6c29da0af270168A.ini
  Filesize: 1KB
  MD5: d07c0db3bcbbcd9e549377020f320624
  SHA1: cca0f78d1a5dcd8231f6c13b38c67c51431bc5ff
  SHA256: 6ddf45fb9412348721ad0af7832c18a7daf641d6dc8cadc1fdcb56becc04ef84
  SHA512: c01e604ae9cca670660a159724b161d7c1ce06ac715224523ad18ae1b80225809e0eac3185150c3afb36187cad8ee15ee1a92d6bece2bca0c10690dc8bb1200a
- memory/1748-352-0x0000000000400000-0x0000000001DCE000-memory.dmp
  Filesize: 25.8MB
- memory/1748-354-0x0000000000400000-0x0000000001DCE000-memory.dmp
  Filesize: 25.8MB
- memory/1748-2-0x0000000000400000-0x0000000001DCE000-memory.dmp
  Filesize: 25.8MB
- memory/1748-1-0x00000000001C0000-0x00000000001C3000-memory.dmp
  Filesize: 12KB
- memory/1748-347-0x00000000001C0000-0x00000000001C3000-memory.dmp
  Filesize: 12KB
- memory/1748-348-0x0000000000400000-0x0000000001DCE000-memory.dmp
  Filesize: 25.8MB
- memory/1748-349-0x0000000050000000-0x0000000050109000-memory.dmp
  Filesize: 1.0MB
- memory/1748-350-0x0000000000400000-0x0000000001DCE000-memory.dmp
  Filesize: 25.8MB
- memory/1748-351-0x0000000000400000-0x0000000001DCE000-memory.dmp
  Filesize: 25.8MB
- memory/1748-0-0x0000000000400000-0x0000000001DCE000-memory.dmp
  Filesize: 25.8MB
- memory/1748-353-0x0000000000400000-0x0000000001DCE000-memory.dmp
  Filesize: 25.8MB
- memory/1748-5-0x0000000050000000-0x0000000050109000-memory.dmp
  Filesize: 1.0MB
- memory/1748-355-0x0000000000400000-0x0000000001DCE000-memory.dmp
  Filesize: 25.8MB
- memory/1748-356-0x0000000000400000-0x0000000001DCE000-memory.dmp
  Filesize: 25.8MB
- memory/1748-357-0x0000000000400000-0x0000000001DCE000-memory.dmp
  Filesize: 25.8MB
- memory/1748-358-0x0000000000400000-0x0000000001DCE000-memory.dmp
  Filesize: 25.8MB
- memory/1748-359-0x0000000000400000-0x0000000001DCE000-memory.dmp
  Filesize: 25.8MB
- memory/1748-360-0x0000000000400000-0x0000000001DCE000-memory.dmp
  Filesize: 25.8MB
- memory/1748-361-0x0000000000400000-0x0000000001DCE000-memory.dmp
  Filesize: 25.8MB
- memory/1748-362-0x0000000000400000-0x0000000001DCE000-memory.dmp
  Filesize: 25.8MB
- memory/1748-363-0x0000000000400000-0x0000000001DCE000-memory.dmp
  Filesize: 25.8MB