328d200ae92b359b071066bf4661b4f50990c3cd1ca465554913d622831f9220

Analysis

max time kernel
92s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 07:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7afe0a68a1acc27eef5099cbe3156b0f.exe
Size

208KB
MD5

7afe0a68a1acc27eef5099cbe3156b0f
SHA1

e7c44f5e2e669c90d49fb77234cf3dfc0296fa29
SHA256

328d200ae92b359b071066bf4661b4f50990c3cd1ca465554913d622831f9220
SHA512

6533ac41b849a0795a3484a0d771c97cead01b99b67fa6a51469e21579f3bfe2581b8108a527cc619293a9a08a424a961bbb41ae5f1fe6acfdf10bc49cc94200
SSDEEP

6144:we0SlcxXO90xfscPhLcG1hpgbc7R3vwrO:wRSlcxXy0s0hLr1hpgbI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3112	7afe0a68a1acc27eef5099cbe3156b0f.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\7afe0a68a1acc27eef5099cbe3156b0f.exe	7afe0a68a1acc27eef5099cbe3156b0f.exe
File created	\??\c:\windows\7afe0a68a1acc27eef5099cbe3156b0f.exe	7afe0a68a1acc27eef5099cbe3156b0f.exe
File opened for modification	\??\c:\windows\DelAutorun.ini	7afe0a68a1acc27eef5099cbe3156b0f.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3580	7afe0a68a1acc27eef5099cbe3156b0f.exe
3112	7afe0a68a1acc27eef5099cbe3156b0f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3580 wrote to memory of 3112	3580	7afe0a68a1acc27eef5099cbe3156b0f.exe	91
PID 3580 wrote to memory of 3112	3580	7afe0a68a1acc27eef5099cbe3156b0f.exe	91
PID 3580 wrote to memory of 3112	3580	7afe0a68a1acc27eef5099cbe3156b0f.exe	91

C:\Users\Admin\AppData\Local\Temp\7afe0a68a1acc27eef5099cbe3156b0f.exe
"C:\Users\Admin\AppData\Local\Temp\7afe0a68a1acc27eef5099cbe3156b0f.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3580
- \??\c:\windows\7afe0a68a1acc27eef5099cbe3156b0f.exe
  c:\windows\7afe0a68a1acc27eef5099cbe3156b0f.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\DelAutorun.ini

Filesize
162B

MD5
10d296af2405e67c0651e990d8884f83

SHA1
4ae87fa1ab2cad266c450f37b8ec1cc637c8dfc8

SHA256
00903b49037782ba51bcb5047902f24d43af2dfea4b36de2ca0303eb9121e135

SHA512
8c6123b158af6b116ba9dbe3170b81a6a624410485d38c1706e8f256c029f10a2f8d23ca3715666e900bd1b48d6a8097f03212ea9dffcead212b23933da31dea

Download Submit
C:\Windows\DelAutorun.ini

Filesize
292B

MD5
069676d5fd8f95b2aeef8cac8dde50bf

SHA1
8a90a5cbf8acae0fe408348eeee02d85d8977655

SHA256
569e4a14487d5f35295f8e17dda57e5d22ff99cc4760d0e3c9aa6523d31df08c

SHA512
05a4259105c9d7eb6be19eb15918286d1475d6a95f9c8239eba673e400f5d75fefeaf03752e4fc66ec67732ffb39d1347c2a11f54ef746518ed6623c926623bf

Download Submit
C:\Windows\DelAutorun.ini

Filesize
322B

MD5
ddc637a77947de3e4e7df19255ec81fc

SHA1
2d755eb586ddbad652251435367c29169a37803e

SHA256
e33130a0e2e9b5900d3f9b92b0713313d5194d2b79fdab0ffed04f3f1df3d35b

SHA512
d9dc6231b765dde7e781fc601e6994634fb7bd5a95811dade3417050f8064aa0358cafb5003bccca6379e455bea017d0e655fc2957b642fbb1efbab031fda6a1

Download Submit
C:\Windows\DelAutorun.ini

Filesize
5KB

MD5
9cc001f15adf6499883a1a1cb8777ef9

SHA1
2b88f450bea3cd9245ea4b0550a25b3cd315257d

SHA256
730b4331e4aff93fb784d2cf66e0c1edf8c394b76205dba1ae66343d4b2b33ba

SHA512
3d979247826b1518ad80357ef65d5a60af018f3ea1925bc8b63266f88c1415720cb1347b6a952bf5279fe353a1e724fa7ae5f7ad1d2ec90dd15913842e8316ed

Download Submit
\??\c:\windows\7afe0a68a1acc27eef5099cbe3156b0f.exe

Filesize
208KB

MD5
7afe0a68a1acc27eef5099cbe3156b0f

SHA1
e7c44f5e2e669c90d49fb77234cf3dfc0296fa29

SHA256
328d200ae92b359b071066bf4661b4f50990c3cd1ca465554913d622831f9220

SHA512
6533ac41b849a0795a3484a0d771c97cead01b99b67fa6a51469e21579f3bfe2581b8108a527cc619293a9a08a424a961bbb41ae5f1fe6acfdf10bc49cc94200

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads