Overview

overview

8

Static

static

3

12f2d1ffd8...bb.exe

windows7-x64

8

12f2d1ffd8...bb.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    144s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2023, 21:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    12f2d1ffd870fb808bc34f18c79c53bb.exe

  • Size

    412KB

  • MD5

    12f2d1ffd870fb808bc34f18c79c53bb

  • SHA1

    f7f1381f36e1fafb822aa3e53b66ab099118af5e

  • SHA256

    a54d89ded3ea5e97d054324c264ed8f5fb7237b573009e0a4b58121d6e459b75

  • SHA512

    798d5f1873d1edcd53fa5e6ee45ef5e37516fe58ef6f49d96cf91102bd20f4ae9bae7e5aa491f8bb6aa1c85373efbb82bd71b228987046c5732fff3c29a32381

  • SSDEEP

    6144:gSf6p0X4qumAxSRLnoPhL20gKc1ilJPZNkCLNr3Kr/u2x58uncuCKWYyYCcFV4ry:gp06UI9gKcaLLSdCKqYCemfxDIz

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\12f2d1ffd870fb808bc34f18c79c53bb.exe
    "C:\Users\Admin\AppData\Local\Temp\12f2d1ffd870fb808bc34f18c79c53bb.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5012
    • \??\c:\program files\Realplayer\lpszRootPath\points.exe
      "c:\program files\Realplayer\lpszRootPath\points.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3204

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\Realplayer\lpszRootPath\points.exe
          Filesize

          86KB

          MD5

          35046d1982b67254227902ed234f99ff

          SHA1

          a9f6776cab07dee07a18e2c912f97f092b64be65

          SHA256

          1e0a76637973d96991df280533b6e51b87a339235bbb882717d4fb8709cb01c5

          SHA512

          322120c3ee9acb3630b462623b8f968af2acf9c8406c97cbcc70412db0ae37aaad70fc713d9d9ec530b5061a8e461c1b992397d9049d23dfcc1d12aed5285186

          Download Submit

        • \??\c:\program files\Realplayer\lpszRootPath\points.exe
          Filesize

          169KB

          MD5

          130387b8e6fd83e72a9da68160e3288a

          SHA1

          d317be4771373f7ad98917acbf9bd3ba4f84b740

          SHA256

          1bb64c2ea97c89706754536f6323de5edd30408dafe0c516672ba451ef2a6d42

          SHA512

          f5b9d8c18fc3bdee142d2f7910f93bc3cf154b785c0df9a74ed282cf2b62c43383468d21e0734e88a1befda7332d63e3d73668f6e8654410c96dd10ce731a8a7

          Download Submit