e2884b5661c11864376fd36dc47ef22e2f809c57529c4efe15131a64a7a38e6c

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e6c4a7c9b649b4b511b39a76248d506.exe
Size

4.4MB
MD5

0e6c4a7c9b649b4b511b39a76248d506
SHA1

6dab5f918c20d8f43f2052a1043f4a5387599fd1
SHA256

e2884b5661c11864376fd36dc47ef22e2f809c57529c4efe15131a64a7a38e6c
SHA512

71c5565ca2e5fbba1e987ad28e04480cca7caa6e2804742284f51c57fbc6401481835e78543cebf5484a4b8d5d8d0b96fbd70cded0c79c377d20dffeb7913da3
SSDEEP

49152:kqWJLFHPYzdVy43kz6rcViF9hBjSZxtvxPscNznmAMCz0BAjKWsl98Q1F0foUci0:kbzvYzCgHjSbscNCpBAjPogw9qa3IPk

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2236	0e6c4a7c9b649b4b511b39a76248d506.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2236	0e6c4a7c9b649b4b511b39a76248d506.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2236	0e6c4a7c9b649b4b511b39a76248d506.exe

Suspicious use of WriteProcessMemory 49 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2872	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	28
PID 2236 wrote to memory of 2872	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	28
PID 2236 wrote to memory of 2872	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	28
PID 2236 wrote to memory of 2872	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	28
PID 2236 wrote to memory of 2872	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	28
PID 2236 wrote to memory of 2872	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	28
PID 2236 wrote to memory of 2872	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	28
PID 2236 wrote to memory of 2824	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	29
PID 2236 wrote to memory of 2824	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	29
PID 2236 wrote to memory of 2824	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	29
PID 2236 wrote to memory of 2824	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	29
PID 2236 wrote to memory of 2824	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	29
PID 2236 wrote to memory of 2824	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	29
PID 2236 wrote to memory of 2824	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	29
PID 2236 wrote to memory of 2876	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	30
PID 2236 wrote to memory of 2876	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	30
PID 2236 wrote to memory of 2876	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	30
PID 2236 wrote to memory of 2876	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	30
PID 2236 wrote to memory of 2876	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	30
PID 2236 wrote to memory of 2876	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	30
PID 2236 wrote to memory of 2876	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	30
PID 2236 wrote to memory of 2240	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	31
PID 2236 wrote to memory of 2240	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	31
PID 2236 wrote to memory of 2240	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	31
PID 2236 wrote to memory of 2240	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	31
PID 2236 wrote to memory of 2240	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	31
PID 2236 wrote to memory of 2240	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	31
PID 2236 wrote to memory of 2240	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	31
PID 2236 wrote to memory of 2720	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	32
PID 2236 wrote to memory of 2720	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	32
PID 2236 wrote to memory of 2720	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	32
PID 2236 wrote to memory of 2720	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	32
PID 2236 wrote to memory of 2720	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	32
PID 2236 wrote to memory of 2720	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	32
PID 2236 wrote to memory of 2720	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	32
PID 2236 wrote to memory of 2752	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	33
PID 2236 wrote to memory of 2752	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	33
PID 2236 wrote to memory of 2752	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	33
PID 2236 wrote to memory of 2752	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	33
PID 2236 wrote to memory of 2752	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	33
PID 2236 wrote to memory of 2752	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	33
PID 2236 wrote to memory of 2752	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	33
PID 2236 wrote to memory of 2512	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	34
PID 2236 wrote to memory of 2512	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	34
PID 2236 wrote to memory of 2512	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	34
PID 2236 wrote to memory of 2512	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	34
PID 2236 wrote to memory of 2512	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	34
PID 2236 wrote to memory of 2512	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	34
PID 2236 wrote to memory of 2512	2236	0e6c4a7c9b649b4b511b39a76248d506.exe	34

C:\Users\Admin\AppData\Local\Temp\0e6c4a7c9b649b4b511b39a76248d506.exe
"C:\Users\Admin\AppData\Local\Temp\0e6c4a7c9b649b4b511b39a76248d506.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32.exe "C:\Users\Admin\AppData\Local\Temp\data\Codejock.Controls.Unicode.v12.0.2.ocx" /s
  2⤵
  PID:2872
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32.exe "C:\Users\Admin\AppData\Local\Temp\data\Codejock.SkinFramework.v12.0.2.ocx" /s
  2⤵
  PID:2824
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32.exe "C:\Users\Admin\AppData\Local\Temp\data\MSCOMCTL.OCX" /s
  2⤵
  PID:2876
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32.exe "C:\Users\Admin\AppData\Local\Temp\data\MSDATGRD.OCX" /s
  2⤵
  PID:2240
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32.exe "C:\Users\Admin\AppData\Local\Temp\data\mswinsck.ocx" /s
  2⤵
  PID:2720
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32.exe "C:\Users\Admin\AppData\Local\Temp\data\RICHTX32.OCX" /s
  2⤵
  PID:2752
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32.exe "C:\Users\Admin\AppData\Local\Temp\data\MSINET.OCX" /s
  2⤵
  PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2236-0-0x0000000000400000-0x0000000001056000-memory.dmp

Filesize
12.3MB

Download
memory/2236-1-0x0000000077370000-0x0000000077371000-memory.dmp

Filesize
4KB

Download
memory/2236-3-0x0000000077370000-0x0000000077371000-memory.dmp

Filesize
4KB

Download
memory/2236-4-0x00000000771FF000-0x0000000077200000-memory.dmp

Filesize
4KB

Download
memory/2236-6-0x0000000077370000-0x0000000077371000-memory.dmp

Filesize
4KB

Download
memory/2236-12-0x0000000077370000-0x0000000077371000-memory.dmp

Filesize
4KB

Download
memory/2236-10-0x0000000077370000-0x0000000077371000-memory.dmp

Filesize
4KB

Download
memory/2236-13-0x00000000771FF000-0x0000000077200000-memory.dmp

Filesize
4KB

Download
memory/2236-8-0x0000000077370000-0x0000000077371000-memory.dmp

Filesize
4KB

Download
memory/2236-15-0x0000000077370000-0x0000000077371000-memory.dmp

Filesize
4KB

Download
memory/2236-20-0x00000000771FF000-0x0000000077200000-memory.dmp

Filesize
4KB

Download
memory/2236-21-0x0000000077200000-0x0000000077201000-memory.dmp

Filesize
4KB

Download
memory/2236-22-0x0000000002BD0000-0x0000000002D23000-memory.dmp

Filesize
1.3MB

Download
memory/2236-19-0x0000000077370000-0x0000000077371000-memory.dmp

Filesize
4KB

Download
memory/2236-27-0x0000000002BD0000-0x0000000002D23000-memory.dmp

Filesize
1.3MB

Download
memory/2236-17-0x0000000077370000-0x0000000077371000-memory.dmp

Filesize
4KB

Download
memory/2236-28-0x0000000000400000-0x0000000001056000-memory.dmp

Filesize
12.3MB

Download
memory/2236-31-0x0000000000400000-0x0000000001056000-memory.dmp

Filesize
12.3MB

Download
memory/2236-32-0x0000000000400000-0x0000000001056000-memory.dmp

Filesize
12.3MB

Download