298f88f75130429d5ad60777cce83045334b21cfbfced2481ae59070df3bf11d

Analysis

max time kernel
141s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/10/2023, 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

298f88f75130429d5ad60777cce83045334b21cfbfced2481ae59070df3bf11d.exe
Size

13.6MB
MD5

fca72c9ad336077e24efdf08e5886d94
SHA1

0afb8669326251de1b4d417b63f3460046bce06d
SHA256

298f88f75130429d5ad60777cce83045334b21cfbfced2481ae59070df3bf11d
SHA512

ee3e6e3a1cda317cbda00ad4b7ac8754ebfd0cfa7f81cbfc318d4144681798917433d3b22fe0568af88a90bcc03d84d2faf385ce747c583c77af0bf0446233ad
SSDEEP

393216:Mv8/BfDTSXNx4lmDvCzjkM3F4RJgI5BMnde0ggU:MvMsNDUgggBMYeU

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4604	298f88f75130429d5ad60777cce83045334b21cfbfced2481ae59070df3bf11d.exe
4604	298f88f75130429d5ad60777cce83045334b21cfbfced2481ae59070df3bf11d.exe
4604	298f88f75130429d5ad60777cce83045334b21cfbfced2481ae59070df3bf11d.exe
4604	298f88f75130429d5ad60777cce83045334b21cfbfced2481ae59070df3bf11d.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 4280	4604	298f88f75130429d5ad60777cce83045334b21cfbfced2481ae59070df3bf11d.exe	93
PID 4604 wrote to memory of 4280	4604	298f88f75130429d5ad60777cce83045334b21cfbfced2481ae59070df3bf11d.exe	93
PID 4604 wrote to memory of 4280	4604	298f88f75130429d5ad60777cce83045334b21cfbfced2481ae59070df3bf11d.exe	93
PID 4604 wrote to memory of 1036	4604	298f88f75130429d5ad60777cce83045334b21cfbfced2481ae59070df3bf11d.exe	94
PID 4604 wrote to memory of 1036	4604	298f88f75130429d5ad60777cce83045334b21cfbfced2481ae59070df3bf11d.exe	94
PID 4604 wrote to memory of 1036	4604	298f88f75130429d5ad60777cce83045334b21cfbfced2481ae59070df3bf11d.exe	94

C:\Users\Admin\AppData\Local\Temp\298f88f75130429d5ad60777cce83045334b21cfbfced2481ae59070df3bf11d.exe
"C:\Users\Admin\AppData\Local\Temp\298f88f75130429d5ad60777cce83045334b21cfbfced2481ae59070df3bf11d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*f88f75130429d5ad60777cce83045334b21cfbfced2481ae59070df3bf11d.exe"
  2⤵
  PID:4280
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*.dll"
  2⤵
  PID:1036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1411d2ce965c3d7252f2f5e41d938987.ini

Filesize
1KB

MD5
b7c280a83374dd43758ff9c2aa3dd107

SHA1
ae9436cae4a3e575ffe1a28da8397e58711c73c9

SHA256
a80c16efd39e99712ef502dc44f20ed9b8ce41da584c4e1279ec0e5b0bc73bba

SHA512
1b01c7c486ddf2cb623856938197c72cf62dd6bc7e80296a1ff2a867ddab7d3089e3f003721ecfcbe6d18bca08a5ca20917037af24a24162c1547ddd3b32f91b

Download Submit
C:\Users\Admin\AppData\Local\Temp\1411d2ce965c3d7252f2f5e41d938987A.ini

Filesize
1KB

MD5
d2eb9a5b38dd7ee99022927005058fb6

SHA1
d6db5c6f97588347e0b9bf6a76737b405f3625b9

SHA256
346b290cbc2275c89ebac6863ef3ca0afbc679f2f4640127c8ba5ae87496a820

SHA512
f88a2781af28616a317d7da5f4778aa9c181452d37c656d975cdd20dd9ccf312368c9739c358b65d8f4723e1ad1a10de4567bb43901d4882cdcdf2b6e7bf1317

Download Submit
C:\Users\Admin\AppData\Local\Temp\298f88f75130429d5ad60777cce83045334b21cfbfced2481ae59070df3bf11d.exepack.tmp

Filesize
2KB

MD5
0f18fdb8fa91f1ad152dab4405145e9c

SHA1
bed878f6213700aae43fe41cea94c468ea6c8288

SHA256
7901c73f0feac50c62b0e4220cc19d80744655d70860e84dc3cc51491abc4da7

SHA512
42139227f0bf5d8d751c55ee0b67fdd6e09a1273b27da61b707c7d348465fcf2fbcf4b1945154f414e6ab67dff471744640fe4f26d9d8826fb24d9e3e094301f

Download Submit
memory/4604-400-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/4604-402-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/4604-2-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/4604-1-0x0000000002080000-0x0000000002083000-memory.dmp

Filesize
12KB

Download
memory/4604-397-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/4604-398-0x0000000002080000-0x0000000002083000-memory.dmp

Filesize
12KB

Download
memory/4604-399-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/4604-0-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/4604-401-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/4604-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/4604-403-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/4604-404-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/4604-405-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/4604-406-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/4604-407-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/4604-408-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/4604-409-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/4604-410-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/4604-411-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download
memory/4604-412-0x0000000000400000-0x0000000001DD0000-memory.dmp

Filesize
25.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads