Analysis

  • max time kernel: 122s
  • max time network: 128s
  • platform: windows7_x64
  • resource: win7-20231215-en
  • resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted: 22/12/2023, 12:52

General

  • Target: 90b756764ad408cdd3ac6cafb7c1bfb8.exe
  • Size: 6.2MB
  • MD5: 90b756764ad408cdd3ac6cafb7c1bfb8
  • SHA1: 94cd07535f0f613f5d38fa23b7c970adbe7b4823
  • SHA256: a9db58e1f44a7fb8dbd4551d33befb2296cbe0d4fd1e4686b0384d4adabc5cf8
  • SHA512: 51f9f96f800175ca58acacebaf047eefbe64a93e9202e5a53ba52f6818bb911bdba999f082aded24d290b31ba64d3a15c8412ed74b8e860ee48bc93cc5f4e700
  • SSDEEP: 196608:tBJwk8uCfNP2BqikjY+03zs1tRB4r8ZxzX:trV8ua8Tkj6Y1t8ar

Score
7/10

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • VMProtect packed file 13 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90b756764ad408cdd3ac6cafb7c1bfb8.exe
    "C:\Users\Admin\AppData\Local\Temp\90b756764ad408cdd3ac6cafb7c1bfb8.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Users\Admin\AppData\Local\Temp\1B0D0F0B120E156F155F15D0F0B160C0C160B.exe
      C:\Users\Admin\AppData\Local\Temp\1B0D0F0B120E156F155F15D0F0B160C0C160B.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2776

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1B0D0F0B120E156F155F15D0F0B160C0C160B.exe
    Filesize: 4KB
    MD5: 44982bcbd3a2451db80c6281c210b8cd
    SHA1: 1a0f4f39f033e2d344a99fbc70c64c0b9ccf4005
    SHA256: 151a693bdc7be9d953c138a3fa3ca831a52435086cf38ba1545d4a5295e3903b
    SHA512: 6b1140b1ea4ac58f724771d7016641cdf02d6a22269fc6cc54b1589feb873840233648d1e254e32b818d048f3c4b7c088df34e22b36e0f2e26e9b6cbd4fff03b

  • C:\Users\Admin\AppData\Local\Temp\1B0D0F0B120E156F155F15D0F0B160C0C160B.exe
    Filesize: 120B
    MD5: 2d3f65b69bf57e23f27cb3cf549f7e3f
    SHA1: 54bffeb759310d5fa08c4054ef02e07ab76cb426
    SHA256: c09160b7f4cc97f76cf159c680364cd6874e799c1a68168a532234c07d8cb868
    SHA512: 510b6145cafa11deea7428b6f30134785825862cc3d620183ebc370a1c679f6f7cb93a3d47c102980e14f8ec9d5775739d812b4790287532ba244b387499e2d3

  • C:\Users\Admin\AppData\Local\Temp\1B0D0F0B120E156F155F15D0F0B160C0C160B.exe
    Filesize: 120KB
    MD5: 7359109ead98380983e77bac5fb4eb5a
    SHA1: 2157a844342aeb4c46fb1ec89d34cd8160ea9205
    SHA256: 583b2c7cda8898ea5b664810c91b86ba1b012e098e97b4226db6d8d05825bb33
    SHA512: 0cefd67cc64bbeb97b797bab2d087d28a1d1804aa860bef34fbd00b8540a326c64505d7f429d8f7a1c9011a106495bd0648039bce73fcafeec8354e70d6bfe92

  • \Users\Admin\AppData\Local\Temp\1B0D0F0B120E156F155F15D0F0B160C0C160B.exe
    Filesize: 611KB
    MD5: 4d44c43792556837c7b08e4ceee83cb6
    SHA1: 46e635f2439ca2bdad3bf49e525f1a462f16bc65
    SHA256: 5c2bc92ec2efcb73d5fdc580d84704dd97ecaa5f2d617c85b2708bf43aa31683
    SHA512: 7bc7ef88779d16311275a1eb5fd2010fdb20ba1560146935136f14a4e18f9b774163c52dcf49fced07f3ce3e01025892c292a55b2842538620c99eede9a579fc

  • \Users\Admin\AppData\Local\Temp\1B0D0F0B120E156F155F15D0F0B160C0C160B.exe
    Filesize: 580KB
    MD5: bc066787d7b5c455304233759bd2fb2b
    SHA1: 734c31a1b9948c110326bbd41023f74bc0373561
    SHA256: 59f0b9086bb60c3298e115a34b1686bfe4cf046e7d0661e8c6d85ef5a1e59287
    SHA512: cc88084303b78bf309f4de569da0e19058a91f7b4c4d54bb120984b91211df35439c73ea511b0c6b4dcce64a65bb8785dc7f0e79ab3e37d379a7aad27361f30a

  • \Users\Admin\AppData\Roaming\testing.dat
    Filesize: 217KB
    MD5: ef65c95d77b45554b88292633dfe011c
    SHA1: 1ed63a17fc2752d2b2c9bec1b5bbad95886916d9
    SHA256: a8b8abfa22fd6785a37e866a416a5d498ffbf16c179fb2face23270ad9d79cbf
    SHA512: 2d86826a4f0412b384e354f6dec02f20fc9fc19b63589bd7748bf16eb785233808e7be902161e38beee54b02773434f367acc33293fa3ec9f0afe04547d836fb

  • memory/2776-14-0x0000000000400000-0x0000000001567000-memory.dmp
    Filesize: 17.4MB

  • memory/2776-16-0x0000000000400000-0x0000000001567000-memory.dmp
    Filesize: 17.4MB

  • memory/2776-26-0x0000000074860000-0x0000000074B8D000-memory.dmp
    Filesize: 3.2MB

  • memory/2776-31-0x0000000000400000-0x0000000001567000-memory.dmp
    Filesize: 17.4MB

  • memory/3016-13-0x0000000006D60000-0x0000000007EC7000-memory.dmp
    Filesize: 17.4MB

  • memory/3016-0-0x0000000000400000-0x0000000001567000-memory.dmp
    Filesize: 17.4MB

  • memory/3016-15-0x0000000006D60000-0x0000000007EC7000-memory.dmp
    Filesize: 17.4MB

  • memory/3016-19-0x0000000000400000-0x0000000001567000-memory.dmp
    Filesize: 17.4MB

  • memory/3016-1-0x0000000000400000-0x0000000001567000-memory.dmp
    Filesize: 17.4MB