5f9d7eacff67e575e586cdc4e712bd823e34d14ef3383ea48ca19d6114292cbc

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
30/10/2023, 22:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f9d7eacff67e575e586cdc4e712bd823e34d14ef3383ea48ca19d6114292cbc.exe
Size

824KB
MD5

165879fe20cab0b289680a3dc66f916b
SHA1

666d277685fbdf484919f3b798ecb9d9b3666b85
SHA256

5f9d7eacff67e575e586cdc4e712bd823e34d14ef3383ea48ca19d6114292cbc
SHA512

dc52d844de3f7a7a6850deea9bc058c6ac699e1c02cef59fe3658e3dfc20c1287c5fa29bc02ebb87f0373a37654a9a01d4e3754b764935425fa26a60fd61e1fa
SSDEEP

24576:uQMuTZedjFmKgRLRcKSt87B/j7bq777857l77277eRLn8awTFH57s7Rw0pGB+Q:XTqFmbLRdc

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2640	GEDCUFA.exe

Loads dropped DLL 2 IoCs

pid	Process
2516	5f9d7eacff67e575e586cdc4e712bd823e34d14ef3383ea48ca19d6114292cbc.exe
2516	5f9d7eacff67e575e586cdc4e712bd823e34d14ef3383ea48ca19d6114292cbc.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2516	5f9d7eacff67e575e586cdc4e712bd823e34d14ef3383ea48ca19d6114292cbc.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2516	5f9d7eacff67e575e586cdc4e712bd823e34d14ef3383ea48ca19d6114292cbc.exe
2516	5f9d7eacff67e575e586cdc4e712bd823e34d14ef3383ea48ca19d6114292cbc.exe
2640	GEDCUFA.exe
2640	GEDCUFA.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 2640	2516	5f9d7eacff67e575e586cdc4e712bd823e34d14ef3383ea48ca19d6114292cbc.exe	28
PID 2516 wrote to memory of 2640	2516	5f9d7eacff67e575e586cdc4e712bd823e34d14ef3383ea48ca19d6114292cbc.exe	28
PID 2516 wrote to memory of 2640	2516	5f9d7eacff67e575e586cdc4e712bd823e34d14ef3383ea48ca19d6114292cbc.exe	28
PID 2516 wrote to memory of 2640	2516	5f9d7eacff67e575e586cdc4e712bd823e34d14ef3383ea48ca19d6114292cbc.exe	28

C:\Users\Admin\AppData\Local\Temp\5f9d7eacff67e575e586cdc4e712bd823e34d14ef3383ea48ca19d6114292cbc.exe
"C:\Users\Admin\AppData\Local\Temp\5f9d7eacff67e575e586cdc4e712bd823e34d14ef3383ea48ca19d6114292cbc.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Users\Admin\AppData\Local\Temp\GEDCUFA.exe
  C:\Users\Admin\AppData\Local\Temp\GEDCUFA.exe --
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\GEDCUFA.exe

Filesize
824KB

MD5
b25b3cad86b481b4271ed369214eb438

SHA1
11e3ebe8f66eece695afa087ed428ed440cbddab

SHA256
e296f9820441057e43487251187f41cf06e6b1a0bbe1f615b3b736439ea58d55

SHA512
cb82b4206fc95169efe71ae50300b07b4c069ec7789d98684175f3744a5f8326fa1e7e93ad829c74004c0fab756cd7cc8bccf455b87cc84ad88664802005d14c

Download Submit
C:\Users\Admin\AppData\Local\Temp\GEDCUFA.exe

Filesize
824KB

MD5
b25b3cad86b481b4271ed369214eb438

SHA1
11e3ebe8f66eece695afa087ed428ed440cbddab

SHA256
e296f9820441057e43487251187f41cf06e6b1a0bbe1f615b3b736439ea58d55

SHA512
cb82b4206fc95169efe71ae50300b07b4c069ec7789d98684175f3744a5f8326fa1e7e93ad829c74004c0fab756cd7cc8bccf455b87cc84ad88664802005d14c

Download Submit
\Users\Admin\AppData\Local\Temp\GEDCUFA.exe

Filesize
824KB

MD5
b25b3cad86b481b4271ed369214eb438

SHA1
11e3ebe8f66eece695afa087ed428ed440cbddab

SHA256
e296f9820441057e43487251187f41cf06e6b1a0bbe1f615b3b736439ea58d55

SHA512
cb82b4206fc95169efe71ae50300b07b4c069ec7789d98684175f3744a5f8326fa1e7e93ad829c74004c0fab756cd7cc8bccf455b87cc84ad88664802005d14c

Download Submit
\Users\Admin\AppData\Local\Temp\GEDCUFA.exe

Filesize
824KB

MD5
b25b3cad86b481b4271ed369214eb438

SHA1
11e3ebe8f66eece695afa087ed428ed440cbddab

SHA256
e296f9820441057e43487251187f41cf06e6b1a0bbe1f615b3b736439ea58d55

SHA512
cb82b4206fc95169efe71ae50300b07b4c069ec7789d98684175f3744a5f8326fa1e7e93ad829c74004c0fab756cd7cc8bccf455b87cc84ad88664802005d14c

Download Submit