Overview

overview

8

Static

static

3

ad008f1899...16.exe

windows7-x64

8

ad008f1899...16.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2023, 05:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ad008f1899e0648529285ae0d328d7f494e69dc1c17872c8d8384a89540d5416.exe

  • Size

    5.1MB

  • MD5

    278542de27388fb99a77368995ff647f

  • SHA1

    64e93f112ffe8cfe02e0e75ca2bb86e7458bcc8c

  • SHA256

    ad008f1899e0648529285ae0d328d7f494e69dc1c17872c8d8384a89540d5416

  • SHA512

    03080069465155e43e1605cd3b9e973594db582910c378e984ab89b1d80a19270429debdfc230a7e93a1fe62dd8b99cedd80ea133f55dedd549761f8f7387067

  • SSDEEP

    98304:Tu6wCUb2ZLddnXEJiDEWo5KG0uaQ5bzOJDb4v+h:TG2d65ZHTGN0v+

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad008f1899e0648529285ae0d328d7f494e69dc1c17872c8d8384a89540d5416.exe
    "C:\Users\Admin\AppData\Local\Temp\ad008f1899e0648529285ae0d328d7f494e69dc1c17872c8d8384a89540d5416.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Cab4369.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
    Filesize

    4KB

    MD5

    8a9372aa72177b869865663e7690afde

    SHA1

    df7bf193ad2fb3cfe0d60eb571a9728c6e8aa843

    SHA256

    6206be226dc3aeeacdac1949387682dac82493ba312121e780fdfbd90bfc683e

    SHA512

    111e78b0a7988a74a99d6bf0b01e8b9db91d05b6457021e05a062b7791d73841d693d4ae0c07474f0765c6107937e6eba1eea14a535912856dd2e40bc95d87c3

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Yandex\ui
    Filesize

    38B

    MD5

    6a1593e4afa7cfa1ac2909a20d4e463b

    SHA1

    3642af826677b05d7fb16fd521960a8e71c7a388

    SHA256

    db5105b4b309e0df93ee0df7445d5c1281cd92fc4eed33315acd1ab8f22bacca

    SHA512

    7517eb5b5936194a5e461846d8a8510ebfc7f553855c324f8fe93d4ca93dd9c080ab7b330e658ba45319f8c5c75484d8776b9bf86dfb251300cdccc5be26b318

    Download Submit

  • \Users\Admin\AppData\Local\Temp\yb40C8.tmp
    Filesize

    122.1MB

    MD5

    e8ced8919c419800aaa426ce1b5409fb

    SHA1

    7350795a431c409129c2bbf3b5087cd0260a9e5a

    SHA256

    be9725053dbb7b5f3f8a765970dbce71023239efd00a07c42d35a5a1b849b759

    SHA512

    d7f140dfdfbdaad810f35327b309b171678a60b0efac5ec48bcc5e84eac13b922bfdfa6131829b7c64591e6e99fcf475a2ef2f5c313bea63278464c8c56b19ea

    Download Submit

  • \Users\Admin\AppData\Local\Temp\yb40C8.tmp
    Filesize

    122.1MB

    MD5

    e8ced8919c419800aaa426ce1b5409fb

    SHA1

    7350795a431c409129c2bbf3b5087cd0260a9e5a

    SHA256

    be9725053dbb7b5f3f8a765970dbce71023239efd00a07c42d35a5a1b849b759

    SHA512

    d7f140dfdfbdaad810f35327b309b171678a60b0efac5ec48bcc5e84eac13b922bfdfa6131829b7c64591e6e99fcf475a2ef2f5c313bea63278464c8c56b19ea

    Download Submit