6abb70ccb6bd9de7f82e4dd78d95e125f85a0ccf7a6f146d0c8281f27a727814

Analysis

max time kernel
79s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 03:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6abb70ccb6bd9de7f82e4dd78d95e125f85a0ccf7a6f146d0c8281f27a727814.exe
Size

13.0MB
MD5

6427ef9caf9cf8dcd9e8b060885fac9a
SHA1

1e3fb1e6d9566d6f8d0a6f92e599809eeb586a38
SHA256

6abb70ccb6bd9de7f82e4dd78d95e125f85a0ccf7a6f146d0c8281f27a727814
SHA512

a377e936b44f08b0223ae857f587c3ff141d5524f9119f484d23483a5dbe366ab291f616106f8e555f3684ffc828bc364d908ec0ef78eac0afd11280590a40fb
SSDEEP

98304:2lG50V4fkg0xZLZ4QowKGs8UdkCXlyFm9uALfprsQ9WbOk8gVzArOSqeDalc6d11:z0VAwxZURnuAdcbOk8Sc9BDal91

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4192	dlq.exe

Loads dropped DLL 2 IoCs

pid	Process
4120	6abb70ccb6bd9de7f82e4dd78d95e125f85a0ccf7a6f146d0c8281f27a727814.exe
4192	dlq.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\ForwardConfig.dat	6abb70ccb6bd9de7f82e4dd78d95e125f85a0ccf7a6f146d0c8281f27a727814.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4120	6abb70ccb6bd9de7f82e4dd78d95e125f85a0ccf7a6f146d0c8281f27a727814.exe
4120	6abb70ccb6bd9de7f82e4dd78d95e125f85a0ccf7a6f146d0c8281f27a727814.exe
4192	dlq.exe
4192	dlq.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4120 wrote to memory of 4192	4120	6abb70ccb6bd9de7f82e4dd78d95e125f85a0ccf7a6f146d0c8281f27a727814.exe	86
PID 4120 wrote to memory of 4192	4120	6abb70ccb6bd9de7f82e4dd78d95e125f85a0ccf7a6f146d0c8281f27a727814.exe	86
PID 4120 wrote to memory of 4192	4120	6abb70ccb6bd9de7f82e4dd78d95e125f85a0ccf7a6f146d0c8281f27a727814.exe	86

C:\Users\Admin\AppData\Local\Temp\6abb70ccb6bd9de7f82e4dd78d95e125f85a0ccf7a6f146d0c8281f27a727814.exe
"C:\Users\Admin\AppData\Local\Temp\6abb70ccb6bd9de7f82e4dd78d95e125f85a0ccf7a6f146d0c8281f27a727814.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4120
- C:\Users\Admin\AppData\Local\Temp\dlq.exe
  C:\Users\Admin\AppData\Local\Temp\dlq.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:4192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\ForwardConfig.dat

Filesize
487B

MD5
5e5e219bd6715a28f1bb1fc041d1b224

SHA1
eabe1cf6fe891b90de6e674e164791cd55b9d349

SHA256
74f9b23153a70b37c67758c43defce96762b580d4cb3192a6dee89d0853d537c

SHA512
73b8d4944194dcff947d3490344add843d5a5a87dd7692fc6b805042e55507270e08f9a37aea232af990571eec10872547a2b85570e3d971d1213b2382e263fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\E2EECore.2.7.2.dll

Filesize
8.4MB

MD5
8b6c94bbdbfb213e94a5dcb4fac28ce3

SHA1
b56102ca4f03556f387f8b30e2b404efabe0cb65

SHA256
982a177924762f270b36fe34c7d6847392b48ae53151dc2011078dceef487a53

SHA512
9d6d63b5d8cf7a978d7e91126d7a343c2f7acd00022da9d692f63e50835fdd84a59a93328564f10622f2b1f6adfd7febdd98b8ddb294d0754ed45cc9c165d25a

Download Submit
C:\Users\Admin\AppData\Local\Temp\HPSocket4C.dll

Filesize
2.1MB

MD5
c091a823c41bb5bc6c5a1ab6c926504c

SHA1
7b358a9211f8f5e3ce22f38075caf605fc4d2032

SHA256
c58334cb8bd8e7a2c998d0717fff8bacbd873ab949e40a0e5f053dd51b67cca4

SHA512
742ea0c78115f602c16a793d6d34ea97f0ff8bd4fc1ab28b90b7b7a3dc6fe6b921615ce97c0b23839e18f632d8e09f4319052de532dd9d31b70a22f12b7cc68d

Download Submit
C:\Users\Admin\AppData\Local\Temp\HPSocket4C.dll

Filesize
2.1MB

MD5
c091a823c41bb5bc6c5a1ab6c926504c

SHA1
7b358a9211f8f5e3ce22f38075caf605fc4d2032

SHA256
c58334cb8bd8e7a2c998d0717fff8bacbd873ab949e40a0e5f053dd51b67cca4

SHA512
742ea0c78115f602c16a793d6d34ea97f0ff8bd4fc1ab28b90b7b7a3dc6fe6b921615ce97c0b23839e18f632d8e09f4319052de532dd9d31b70a22f12b7cc68d

Download Submit
C:\Users\Admin\AppData\Local\Temp\dlq.exe

Filesize
10.0MB

MD5
d3589ecc195eae4028f259f65e07c326

SHA1
bb8f498db27f39ee791488a3f2149c5c7f77b875

SHA256
0f14f9a4f00c83a0a2fb25fcfe11aee137d1e4c1a6aee72c1cbea6e3f015f375

SHA512
e61a8c7297e9dd695e131897d2e321f2c1159aa899229cb4bb8c379fd5c248bf70d9b12dcf8143799315fdd492641474e756cc88053e6b4e727786d33775f465

Download Submit
C:\Users\Admin\AppData\Local\Temp\dlq.exe

Filesize
10.0MB

MD5
d3589ecc195eae4028f259f65e07c326

SHA1
bb8f498db27f39ee791488a3f2149c5c7f77b875

SHA256
0f14f9a4f00c83a0a2fb25fcfe11aee137d1e4c1a6aee72c1cbea6e3f015f375

SHA512
e61a8c7297e9dd695e131897d2e321f2c1159aa899229cb4bb8c379fd5c248bf70d9b12dcf8143799315fdd492641474e756cc88053e6b4e727786d33775f465

Download Submit