Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23/12/2023, 14:09

Behavioral task: behavioral1
- Sample: 67dcf41c2dd2e6f3b33501435fd388d451c328adbf12f5826efc65fa7cbee53e.exe
- Resource: win7-20231215-en
- 5 signatures
- 150 seconds
General
- Target: 67dcf41c2dd2e6f3b33501435fd388d451c328adbf12f5826efc65fa7cbee53e.exe
- Size: 14.6MB
- MD5: c6653a5e82a9fd9864389b43eec30bef
- SHA1: 759f577cd632491de1bf860738f7ba16240a874a
- SHA256: 67dcf41c2dd2e6f3b33501435fd388d451c328adbf12f5826efc65fa7cbee53e
- SHA512: d868ff2d57a8246d64b8daabf36c955f3df07a73628ae9adfa1d1426e74dcc79cc4903598cc77c99fcbbf6722a51abba569f0497310fe5ab4e91936daa881a6d
- SSDEEP: 393216:7ChEgRpcSDobY3KfDImfQOERvz+vTrG9gLP/ojd:7CwSDtTuQnRb0TrhLojd
Malware Config
Signatures
- yara_rule: upx
  resource:
  - behavioral2/memory/5036-13-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-21-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-35-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-45-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-48-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-53-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-55-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-57-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-51-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-43-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-41-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-39-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-37-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-33-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-31-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-29-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-27-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-25-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-23-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-19-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-17-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-15-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-12-0x0000000010000000-0x000000001003E000-memory.dmp
  - behavioral2/memory/5036-59-0x0000000010000000-0x000000001003E000-memory.dmp
- yara_rule: vmprotect
  resource:
  - behavioral2/memory/5036-3-0x0000000000400000-0x0000000001E87000-memory.dmp
  - behavioral2/memory/5036-58-0x0000000000400000-0x0000000001E87000-memory.dmp
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process
  5036  67dcf41c2dd2e6f3b33501435fd388d451c328adbf12f5826efc65fa7cbee53e.exe
  5036  67dcf41c2dd2e6f3b33501435fd388d451c328adbf12f5826efc65fa7cbee53e.exe
  5036  67dcf41c2dd2e6f3b33501435fd388d451c328adbf12f5826efc65fa7cbee53e.exe
  5036  67dcf41c2dd2e6f3b33501435fd388d451c328adbf12f5826efc65fa7cbee53e.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid   Process
  5036  67dcf41c2dd2e6f3b33501435fd388d451c328adbf12f5826efc65fa7cbee53e.exe
  5036  67dcf41c2dd2e6f3b33501435fd388d451c328adbf12f5826efc65fa7cbee53e.exe
  5036  67dcf41c2dd2e6f3b33501435fd388d451c328adbf12f5826efc65fa7cbee53e.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\67dcf41c2dd2e6f3b33501435fd388d451c328adbf12f5826efc65fa7cbee53e.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\67dcf41c2dd2e6f3b33501435fd388d451c328adbf12f5826efc65fa7cbee53e.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID: 5036