Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22/12/2023, 12:52
Behavioral tasks
- behavioral1: sample 90b756764ad408cdd3ac6cafb7c1bfb8.exe, resource win7-20231215-en
- behavioral2: sample 90b756764ad408cdd3ac6cafb7c1bfb8.exe, resource win10v2004-20231215-en
General
- Target: 90b756764ad408cdd3ac6cafb7c1bfb8.exe
- Size: 6.2MB
- MD5: 90b756764ad408cdd3ac6cafb7c1bfb8
- SHA1: 94cd07535f0f613f5d38fa23b7c970adbe7b4823
- SHA256: a9db58e1f44a7fb8dbd4551d33befb2296cbe0d4fd1e4686b0384d4adabc5cf8
- SHA512: 51f9f96f800175ca58acacebaf047eefbe64a93e9202e5a53ba52f6818bb911bdba999f082aded24d290b31ba64d3a15c8412ed74b8e860ee48bc93cc5f4e700
- SSDEEP: 196608:tBJwk8uCfNP2BqikjY+03zs1tRB4r8ZxzX:trV8ua8Tkj6Y1t8ar
Malware Config
Signatures
(All rows below come from behavioral2, the win10v2004-20231215-en run; resource paths are prefixed accordingly.)

- Executes dropped EXE (1 IoC)
  pid | Process
  1076 | 1E0A0D0F120B156C155B15C0A0D160B0F160E.exe

- Loads dropped DLL (1 IoC)
  pid | Process
  1076 | 1E0A0D0F120B156C155B15C0A0D160B0F160E.exe

- YARA rule hits (rule: vmprotect, 10 resources)
  resource | yara_rule
  behavioral2/memory/1476-0-0x0000000000400000-0x0000000001567000-memory.dmp | vmprotect
  behavioral2/memory/1476-1-0x0000000000400000-0x0000000001567000-memory.dmp | vmprotect
  behavioral2/files/0x0008000000023233-8.dat | vmprotect
  behavioral2/files/0x0008000000023233-7.dat | vmprotect
  behavioral2/memory/1076-9-0x0000000000400000-0x0000000001567000-memory.dmp | vmprotect
  behavioral2/memory/1076-10-0x0000000000400000-0x0000000001567000-memory.dmp | vmprotect
  behavioral2/memory/1476-13-0x0000000000400000-0x0000000001567000-memory.dmp | vmprotect
  behavioral2/files/0x000700000002323a-16.dat | vmprotect
  behavioral2/memory/1076-20-0x0000000072FB0000-0x00000000732DD000-memory.dmp | vmprotect
  behavioral2/memory/1076-25-0x0000000000400000-0x0000000001567000-memory.dmp | vmprotect

- Suspicious behavior: EnumeratesProcesses (28 IoCs)
  pid | Process | hits
  1476 | 90b756764ad408cdd3ac6cafb7c1bfb8.exe | 12
  1076 | 1E0A0D0F120B156C155B15C0A0D160B0F160E.exe | 16

- Suspicious use of FindShellTrayWindow (7 IoCs)
  pid | Process | hits
  1076 | 1E0A0D0F120B156C155B15C0A0D160B0F160E.exe | 7

- Suspicious use of SendNotifyMessage (7 IoCs)
  pid | Process | hits
  1076 | 1E0A0D0F120B156C155B15C0A0D160B0F160E.exe | 7

- Suspicious use of SetWindowsHookEx (4 IoCs)
  pid | Process | hits
  1476 | 90b756764ad408cdd3ac6cafb7c1bfb8.exe | 2
  1076 | 1E0A0D0F120B156C155B15C0A0D160B0F160E.exe | 2

- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1476 wrote to memory of 1076 | 1476 | 90b756764ad408cdd3ac6cafb7c1bfb8.exe | 92
  PID 1476 wrote to memory of 1076 | 1476 | 90b756764ad408cdd3ac6cafb7c1bfb8.exe | 92
  PID 1476 wrote to memory of 1076 | 1476 | 90b756764ad408cdd3ac6cafb7c1bfb8.exe | 92
Processes
- C:\Users\Admin\AppData\Local\Temp\90b756764ad408cdd3ac6cafb7c1bfb8.exe (PID 1476)
  Command line: "C:\Users\Admin\AppData\Local\Temp\90b756764ad408cdd3ac6cafb7c1bfb8.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\1E0A0D0F120B156C155B15C0A0D160B0F160E.exe (PID 1076, child of 1476)
    Command line: C:\Users\Admin\AppData\Local\Temp\1E0A0D0F120B156C155B15C0A0D160B0F160E.exe
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
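The signature tables and the process tree are rendered flat on this page, one row run into the next. What follows is an added example, not part of the sandbox report: a small Python parser that takes rows in that flattened layout and rebuilds a per-process view. The input is constructed from the report's own rows for PIDs 1476 and 1076 (the 28 EnumeratesProcesses rows are left out for brevity); the parser validates each table against the "N IoCs" count in its heading and links the parent that wrote into a child's memory with a child that carries the "Executes dropped EXE" signature. The regexes, function names and output keys are choices made for this example, not the sandbox's own format definition.

```python
"""Rebuild a per-process view from flattened sandbox signature tables.

Added example, not part of the report. SIGNATURES_TEXT below is constructed
from the report's rows (same PIDs and image names) in the flattened layout the
page renders them in.
"""
import re
from typing import Dict, List, Tuple

SIGNATURES_TEXT = """\
Executes dropped EXE 1 IoCs
pid Process 1076 1E0A0D0F120B156C155B15C0A0D160B0F160E.exe
Loads dropped DLL 1 IoCs
pid Process 1076 1E0A0D0F120B156C155B15C0A0D160B0F160E.exe
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 1476 90b756764ad408cdd3ac6cafb7c1bfb8.exe 1476 90b756764ad408cdd3ac6cafb7c1bfb8.exe 1076 1E0A0D0F120B156C155B15C0A0D160B0F160E.exe 1076 1E0A0D0F120B156C155B15C0A0D160B0F160E.exe
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1476 wrote to memory of 1076 1476 90b756764ad408cdd3ac6cafb7c1bfb8.exe 92 PID 1476 wrote to memory of 1076 1476 90b756764ad408cdd3ac6cafb7c1bfb8.exe 92 PID 1476 wrote to memory of 1076 1476 90b756764ad408cdd3ac6cafb7c1bfb8.exe 92
"""

# Heading of each table: "<signature name> <N> IoCs"
HEADER_RE = re.compile(r"^(?P<name>.+?) (?P<count>\d+) IoCs$")
# Plain "pid Process" rows: repeated "<pid> <image>" pairs
PID_IMAGE_RE = re.compile(r"(\d+) (\S+)")
# WriteProcessMemory rows: "PID <src> wrote to memory of <dst> <pid> <image> <procid_target>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_signatures(text: str) -> Tuple[List[dict], List[Tuple[str, int, int]]]:
    """Return (events, count_mismatches); one event per IoC row."""
    events, mismatches = [], []
    lines = [ln.strip() for ln in text.strip().splitlines()]
    i = 0
    while i < len(lines):
        header = HEADER_RE.match(lines[i])
        if not header:
            i += 1
            continue
        name, expected = header.group("name"), int(header.group("count"))
        row = lines[i + 1] if i + 1 < len(lines) else ""
        found = []
        if row.startswith("description pid Process procid_target"):
            for _src, dst, pid, image, target in WPM_RE.findall(row):
                found.append({"signature": name, "pid": int(pid), "image": image,
                              "target_pid": int(dst), "procid_target": int(target)})
        elif row.startswith("pid Process"):
            for pid, image in PID_IMAGE_RE.findall(row[len("pid Process"):]):
                found.append({"signature": name, "pid": int(pid), "image": image})
        # The "N IoCs" count survives flattening intact, so use it to catch
        # rows that were lost or merged during extraction.
        if len(found) != expected:
            mismatches.append((name, expected, len(found)))
        events.extend(found)
        i += 2
    return events, mismatches


def triage(text: str) -> dict:
    """Group events by PID and link parent memory writes to dropped-EXE children."""
    events, mismatches = parse_signatures(text)
    procs: Dict[int, dict] = {}
    writes: List[Tuple[int, int]] = []
    for e in events:
        p = procs.setdefault(e["pid"], {"image": e["image"], "signatures": set()})
        p["signatures"].add(e["signature"])
        if "target_pid" in e:
            writes.append((e["pid"], e["target_pid"]))
    # A process that wrote into the memory of a process flagged as a dropped EXE:
    # the dropper -> payload chain the report's process tree shows.
    chains = sorted({(src, dst) for src, dst in writes
                     if "Executes dropped EXE" in procs.get(dst, {}).get("signatures", ())})
    for p in procs.values():
        p["signatures"] = sorted(p["signatures"])
    return {"processes": procs, "writes": writes,
            "dropper_chains": chains, "count_mismatches": mismatches}


if __name__ == "__main__":
    result = triage(SIGNATURES_TEXT)
    for pid, p in sorted(result["processes"].items()):
        print(f"{pid}: {p['image']}\n  " + "\n  ".join(p["signatures"]))
    print("dropper chains:", result["dropper_chains"])
    print("count mismatches:", result["count_mismatches"])
```

One caveat when reading the WriteProcessMemory rows: a parent writing into the memory of a process it has just created is also what the Windows loader does on every CreateProcess (command line, environment, PEB), so that signature alone is weak. It is worth attention here because the target is a file the parent dropped and the vmprotect rule matched the memory of both images.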
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1016KB
  MD5: 23dc4d75bd4f4f1e1942742cc70de311
  SHA1: e5118a424792ebd533ffad846d221f9f1a272254
  SHA256: 1283568f754be312fb00929a0ab89b5090a4bcbf45406074c8267f061ba99eb7
  SHA512: c1832b523e353bd9d2969600649027683d2ce9f1b5c237d3402f1e9f3f53b7178f8a58d765a10c8aa91676f957df8a186b056ed13d61019d568faaa22b0f1a80
- Filesize: 792KB
  MD5: 4174fbfce638df328e2dab0359587ffd
  SHA1: 401451b22f6cbba8c8cde28d62b14ab6109631be
  SHA256: 66a2d18f1e413d8a05d03a5faec2401001793ae5076fa43366afe1bb8fcd068b
  SHA512: 80ea0fd7180202d2bb8855e4953a3b02d4dca33f900e1da33806d98717898ad427a773d3896901b920d370339ad8660c1c3aa362990fd0456d2d8c957c61e1a7
- Filesize: 278KB
  MD5: 6533d39141dc1398e19c1fbc1a36b5d1
  SHA1: 3a2c56f97303f9ab5bb0f7b9adb71bdd468c340e
  SHA256: 810e007bfce6c33b979068b5c7af5f8ea67e900f2d484d46c31e3cd290aec475
  SHA512: 56e5affef615f7b256c7e9285bf406772337222c33e79802c05df1fbd44e130b51571b3ddc5b3d95010f93f706874ce4464a53738babfec30d96612b76ded38e
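The vmprotect YARA rule in the Signatures section matched the memory of both processes and three of the dropped files. As an added example, not from the report or from the sandbox vendor, here is a dependency-free Python check a responder can run on the downloaded files if they are PE images: it walks the PE section table by hand and reports the two indicators VMProtect usually leaves behind, section names starting with .vmp (.vmp0, .vmp1, ...) and a large high-entropy section. The sample PE is constructed inline (a non-loadable image carrying only the headers the parser reads) so the script runs offline; the 7.2 bits/byte threshold, the 4 KiB size floor and the .vmp prefix are assumptions of this example.

```python
"""Static VMProtect indicators from a PE section table (no pefile needed).

Added example, not part of the report. SAMPLE_PE is a constructed fixture.
"""
import hashlib
import math
import struct
from typing import Dict, List, Tuple

VMP_SECTION_PREFIX = b".vmp"   # assumption: VMProtect's default section naming
HIGH_ENTROPY = 7.2             # assumption: bits/byte above which data looks packed/encrypted
MIN_SECTION = 4096             # assumption: ignore tiny sections when judging entropy


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant data, ~8.0 for random)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> List[Dict]:
    """Read the COFF section table: name, sizes, and entropy of each section's raw bytes."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ)")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file (missing PE signature)")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_opt            # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        # First 24 of the 40 header bytes: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + i * 40)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "virtual_address": vaddr, "raw_size": raw_size,
                         "entropy": shannon_entropy(raw)})
    return sections


def vmprotect_indicators(pe: bytes) -> Dict:
    """Name-based and entropy-based VMProtect/packer indicators with a coarse verdict."""
    sections = parse_sections(pe)
    vmp = [s["name"].decode("latin-1") for s in sections if s["name"].startswith(VMP_SECTION_PREFIX)]
    hot = [s["name"].decode("latin-1") for s in sections
           if s["raw_size"] >= MIN_SECTION and s["entropy"] >= HIGH_ENTROPY]
    verdict = "vmprotect" if vmp else ("packed (unknown packer)" if hot else "clean")
    return {"vmp_sections": vmp, "high_entropy_sections": hot, "verdict": verdict}


def build_sample_pe(sections: List[Tuple[bytes, bytes]]) -> bytes:
    """Constructed fixture: minimal PE32+ headers plus the given (name, raw_bytes) sections."""
    size_opt = 0xF0
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                 # e_lfanew -> 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, size_opt, 0x22)
    opt = struct.pack("<H", 0x20B) + b"\0" * (size_opt - 2)          # PE32+ magic, rest zero
    headers_len = len(dos) + len(coff) + len(opt) + 40 * len(sections)
    raw_ptr = (headers_len + 511) // 512 * 512                        # 512-byte file alignment
    table, body, vaddr = b"", b"", 0x1000
    for name, raw in sections:
        raw += b"\0" * (-len(raw) % 512)
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(raw), vaddr,
                             len(raw), raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += raw
        raw_ptr += len(raw)
        vaddr += (len(raw) + 0xFFF) // 0x1000 * 0x1000
    headers = dos + coff + opt + table
    return headers + b"\0" * ((headers_len + 511) // 512 * 512 - len(headers)) + body


def pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for packed code."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])


SAMPLE_PE = build_sample_pe([(b".text", b"\xCC" * 4096),
                             (b".vmp0", pseudo_random(8192, b"vmp0")),
                             (b".vmp1", pseudo_random(4096, b"vmp1"))])

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PE
    for s in parse_sections(data):
        print(f"{s['name'].decode('latin-1'):8s} raw={s['raw_size']:8d} entropy={s['entropy']:.2f}")
    print(vmprotect_indicators(data))
```

Run it as `python vmp_check.py <file>` against each download. Two caveats: VMProtect lets the author rename its sections, so a missing .vmp name does not clear a file, and high entropy alone only says "packed or encrypted", not which packer. The sandbox's rule on memory dumps is the stronger signal because it sees the VM interpreter after it has been mapped; the static check is for confirming what was downloaded before it goes anywhere near a debugger.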