Overview

overview

3

Static

static

3

2d10264e56...f2.exe

windows7-x64

1

2d10264e56...f2.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    14/11/2023, 03:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2d10264e562b31b385c8bf5023a2820c7260aab25ef8ff7c2f92be6cb4d4b4f2.exe

  • Size

    10.6MB

  • MD5

    46809436cd9b28cecc07f4949cbd49ad

  • SHA1

    01b6ab558ad5d7c988b3c4c0c4471377cf165126

  • SHA256

    2d10264e562b31b385c8bf5023a2820c7260aab25ef8ff7c2f92be6cb4d4b4f2

  • SHA512

    1e0e97b4fc92e47612fe27494ddbe8035137f654b385080f18ee52c0279d6b028eee07ee5b1b945d57316c7a1d430b50c19e5ea405fea86f01c9ed401ebabfd8

  • SSDEEP

    98304:Gl4mFPpwP9JNwpqR9ZLt0PqBFg4crzcnYG3t2Xd3k5aunAnFgQr3y:GlFxi9zhgxOYG3t2NXTFPr3y

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d10264e562b31b385c8bf5023a2820c7260aab25ef8ff7c2f92be6cb4d4b4f2.exe
    "C:\Users\Admin\AppData\Local\Temp\2d10264e562b31b385c8bf5023a2820c7260aab25ef8ff7c2f92be6cb4d4b4f2.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3052
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2376

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\SetupOption\MainOption.ini
            Filesize

            36B

            MD5

            c00d20589a3389b1bde66fd0c6437115

            SHA1

            e5cd92bc2a71349ecd4c5ea8889467e5f2be40a2

            SHA256

            685241fde998e68163f241ea42edefd032007ce56acb525d49e11242c54b6e3a

            SHA512

            f6c73ea717e6a1bcda9a08ae4f760ca2d45a89063d0f8b9ad946ec265bd61bbf6b23dfe330283bd12e9fe4526cdb292f68f81e1958f07d3ab4f41b78b8c9fb99

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\SetupOption\MainOption.ini
            Filesize

            216B

            MD5

            5e33bf3632a2666d2fa42e104be64fcb

            SHA1

            e54e8e3977bc373cb3291c6f62eef006b3c86e36

            SHA256

            c253aee3ad9461bf02ed51e00ca51e8e9ecd9a3e02ea073fef3f88ad8874c12c

            SHA512

            c144e151135caba773b9f611dd640538ee851a33d97bdc0333afba3051ab24f96eeab7c0e2e536aaa961f4b824f15fe3936d3089e3e58c4912f0153a1d08f4e7

            Download Submit

          • C:\Windows\System32\spool\drivers\x64\3\mxdwdui.BUD
            Filesize

            56KB

            MD5

            bd72dcf1083b6e22ccbfa0e8e27fb1e0

            SHA1

            3fd23d4f14da768da7b8364d74c54932d704e74e

            SHA256

            90f44f69950a796ab46ff09181585ac9dabf21271f16ebb9ea385c957e5955c1

            SHA512

            72360ab4078ad5e0152324f9a856b3396e2d0247f7f95ac8a5a53a25126ac3cff567cc523849e28d92a99730ee8ffb30366f09c428258f93a5cca6d0c5905562

            Download Submit

          • memory/3052-0-0x0000000000230000-0x0000000000231000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3052-32-0x0000000000400000-0x0000000000EC2000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/3052-35-0x0000000000230000-0x0000000000231000-memory.dmp

            Filesize

            4KB

            Download