Overview

overview

7

Static

static

3

fb302e975c...9b.exe

windows7-x64

7

fb302e975c...9b.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2023, 04:00

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    fb302e975c591a532dce68274f3c6893495bf356267b95033c9b53f62a569a9b.exe

  • Size

    11.7MB

  • MD5

    7c482407d9922c3965576a6112a28893

  • SHA1

    0462ebf257f35b4d63e7d0874c5995b8816f73ba

  • SHA256

    fb302e975c591a532dce68274f3c6893495bf356267b95033c9b53f62a569a9b

  • SHA512

    90b6a5a8693abdd07e37e5dc15fcd1d85307f9aba67ac0b4cdf19648fcf37a029f228510e956fb12b5a22ca328f9a91723c3d7dc5b0647298697df405117e839

  • SSDEEP

    196608:3mJ6bF/K8vI4RqRO7GbfQuu8eMvvAkvNfBELaLi1BnRZKI4py/Sj2aguXN:U4M438dvvLvALaG1BRZLUyDand

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb302e975c591a532dce68274f3c6893495bf356267b95033c9b53f62a569a9b.exe
    "C:\Users\Admin\AppData\Local\Temp\fb302e975c591a532dce68274f3c6893495bf356267b95033c9b53f62a569a9b.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3200
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\×Ôɱ.bat
      2⤵
        PID:2692

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\fb302e975c591a532dce68274f3c6893495bf356267b95033c9b53f62a569a9b.exe1.exe
            Filesize

            11.7MB

            MD5

            5d9cc27828c3c6b7bbf0d3b0f35d591a

            SHA1

            3f0d7f6a074cfd8f4aaac03827ac84c2f60c65ca

            SHA256

            58cd7971056c5eddb1c3b21a93fedd673f8775633cb6108e511b61eac358cc87

            SHA512

            f7f926d059e98ec60423065fb01e8f14225e1426705b7ef5cbd5c8667241bd743a3d887d864830684373baf8e053a61a1b4226100b29252bbe5a4b8a1d37f0f2

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\×Ôɱ.bat
            Filesize

            557B

            MD5

            3115ae6cd42b5c7fa5af4a953adf7722

            SHA1

            d22f785dda3d6445b041b2c14ec0d637e3291994

            SHA256

            b1aaa54877d00aedc0a8c54fd574ca33a6168dbb23b892bb75a4d784cdeec348

            SHA512

            777734307a4e73955a19c1924f547c578c8139e7f6a6a0cd12587c607f96a0a6793cf75cbeafaff4bf97eade73a80e95b7e7ef647ecf09a0bca654f5e8c61568

            Download Submit

          • memory/3200-1-0x0000000002840000-0x0000000002841000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3200-0-0x0000000002710000-0x0000000002711000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3200-2-0x0000000002850000-0x0000000002851000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3200-3-0x0000000004320000-0x0000000004321000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3200-5-0x0000000004340000-0x0000000004341000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3200-4-0x0000000004330000-0x0000000004331000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3200-7-0x0000000000400000-0x000000000256B000-memory.dmp

            Filesize

            33.4MB

            Download

          • memory/3200-6-0x0000000000400000-0x000000000256B000-memory.dmp

            Filesize

            33.4MB

            Download

          • memory/3200-15-0x0000000000400000-0x000000000256B000-memory.dmp

            Filesize

            33.4MB

            Download