Overview

overview

8

Static

static

3

d61d142fb6...61.exe

windows7-x64

8

d61d142fb6...61.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    14-11-2023 15:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d61d142fb6ed3786f0236997534649b9227d447cb31e708c169ec4098039f861.exe

  • Size

    6.2MB

  • MD5

    87a6819a949ba1bbb1bf3c1e865e97d4

  • SHA1

    513a2c29db35850185eb2012ba2a4f7f044f7805

  • SHA256

    d61d142fb6ed3786f0236997534649b9227d447cb31e708c169ec4098039f861

  • SHA512

    a5bba17fbd8c8cd81b50c8ec53ab194d3f1bdf03faa33e0dd04180f0c22ce0a6019cb3b289db4effccab7bc36698ddfa43cfc8815cecbf466cdfb0c3939d86a7

  • SSDEEP

    98304:irS2H6ei5nczn0fCmXyHd7S8mUQgPg9jPKdzOJDb4v+:/Yz0auCS8mUQgP1wN0v+

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d61d142fb6ed3786f0236997534649b9227d447cb31e708c169ec4098039f861.exe
    "C:\Users\Admin\AppData\Local\Temp\d61d142fb6ed3786f0236997534649b9227d447cb31e708c169ec4098039f861.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Cab4B65.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
    Filesize

    7KB

    MD5

    df3124e621210826d06d67e76ef65efa

    SHA1

    7f0933755c8dce6276ea6950ba999818778a492f

    SHA256

    1a75232569edeeb8e717f0d312fd0a7ea872646c56ebd5b4dddea125bb9df15c

    SHA512

    73d27bd4bb936acf15e0eddc3aebce8ba674a57c05fe9076a223e599576658868cfcaca069622f0fc12bc8e4baaed57c0d249c768326ea1c747b165cb875c895

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Yandex\ui
    Filesize

    38B

    MD5

    211633dac5f5701434c599b4698836e3

    SHA1

    d1412787ce1c006148cc7ba6691259ae36a9538d

    SHA256

    43630892deb11269696b78467b0557dfdd6f2c50a54d3e66abe558561d1d688f

    SHA512

    b6beb6c765542435192ed5eb00f3179b178ccc98f40056ca095b556997a2d59dbdab2a8d0479da5a75875d343b15e9a722842ebb8ea7058fb7112a26ec9d662d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\yb471E.tmp
    Filesize

    140.7MB

    MD5

    8c64c4d22282f23112d1cd6665ddd291

    SHA1

    d5a4ca6f0261ae2c7d0c882e952d3aab6de93894

    SHA256

    56252150c84539780d8c3c34e9f840c8cd2eecc4e701e7d7536b9a7bb68d8c49

    SHA512

    1c39f382770d76edc30ef1202ad40db1cffc892d0e993ef4ffffb1d924e111f812b47d4ba767e136a48be4309bc2048c21fdb620876ba35e2447601fc46c3ab0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\yb471E.tmp
    Filesize

    140.7MB

    MD5

    8c64c4d22282f23112d1cd6665ddd291

    SHA1

    d5a4ca6f0261ae2c7d0c882e952d3aab6de93894

    SHA256

    56252150c84539780d8c3c34e9f840c8cd2eecc4e701e7d7536b9a7bb68d8c49

    SHA512

    1c39f382770d76edc30ef1202ad40db1cffc892d0e993ef4ffffb1d924e111f812b47d4ba767e136a48be4309bc2048c21fdb620876ba35e2447601fc46c3ab0

    Download Submit