Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-12-2023 16:24

General

  • Target

    05887e2821e5c54f6a25ccbc13b49b81.exe

  • Size

    172KB

  • MD5

    05887e2821e5c54f6a25ccbc13b49b81

  • SHA1

    af0bdf83a7a1907cbd8195b6d9f33b0bab27acf6

  • SHA256

    8aecd17184535e3d71322a0a8b88b91902be1156bfaa9862cc33cf5fba666339

  • SHA512

    e1eb38b694994ec20be9d69429adb53846f1873392ffee510b25f55bc2a6a2cc537e1567507b1b44b389b6f98723c13ceba210fcb1b81c028890db68f410a2b7

  • SSDEEP

    1536:hOkGNL/GIG8q2uef8Tr1UZfk7oSG8q2uef8G+L/HGxI:hExGTyZdtGamO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05887e2821e5c54f6a25ccbc13b49b81.exe
    "C:\Users\Admin\AppData\Local\Temp\05887e2821e5c54f6a25ccbc13b49b81.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:816
    • C:\windows\SysWOW64\Wind0ws32.exe
      C:\windows\system32\Wind0ws32.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1040

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\Wind0ws32.exe

    Filesize

    172KB

    MD5

    05887e2821e5c54f6a25ccbc13b49b81

    SHA1

    af0bdf83a7a1907cbd8195b6d9f33b0bab27acf6

    SHA256

    8aecd17184535e3d71322a0a8b88b91902be1156bfaa9862cc33cf5fba666339

    SHA512

    e1eb38b694994ec20be9d69429adb53846f1873392ffee510b25f55bc2a6a2cc537e1567507b1b44b389b6f98723c13ceba210fcb1b81c028890db68f410a2b7

  • \Windows\SysWOW64\Wind0ws32.exe

    Filesize

    139KB

    MD5

    8262b8ad3fd7b5e8c91fb7303adf2048

    SHA1

    9274c6d6801fa68a466f034e25c0544d04a62215

    SHA256

    a04f82f2a2ff424ce7b109309dc144ca1f4eb134300ed71c751468b8e013fc28

    SHA512

    ef2d7b3fb94658ae1ba4617dea3c4b304489a6055415ec473d4128904bdb78949745560ae40135c9e13dc7219bf60ae3b37522c4c22266daba4de92a2bff52bc