e8ad13f1f12027670ed2a01249e45ee65b38accbddd3ec2473c8d919c5bea5ba

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e8ba02d6dbbede5b548b8dd300e63fd.exe
Size

570KB
MD5

1e8ba02d6dbbede5b548b8dd300e63fd
SHA1

c5fc1c269422d266b202bec97593ff24cb90986c
SHA256

e8ad13f1f12027670ed2a01249e45ee65b38accbddd3ec2473c8d919c5bea5ba
SHA512

b4db434f23797825d57710ed70206938e56aab32bc76667fdcef350c492ab291ebd5e9a52bad1eedc9da5eda2155ff47e70c991182830648378a849c71975867
SSDEEP

12288:6wwIXw0bdyx98oWOU1ZIH5JsXXFJ6upKIgpWy/XZT9KFun3aHv:bW2oWOQZIyFJjUINFHv

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2400	stdrt.exe

Loads dropped DLL 7 IoCs

pid	Process
2144	1e8ba02d6dbbede5b548b8dd300e63fd.exe
2144	1e8ba02d6dbbede5b548b8dd300e63fd.exe
2400	stdrt.exe
2400	stdrt.exe
2400	stdrt.exe
2400	stdrt.exe
2400	stdrt.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2400	stdrt.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2400	stdrt.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 2400	2144	1e8ba02d6dbbede5b548b8dd300e63fd.exe	28
PID 2144 wrote to memory of 2400	2144	1e8ba02d6dbbede5b548b8dd300e63fd.exe	28
PID 2144 wrote to memory of 2400	2144	1e8ba02d6dbbede5b548b8dd300e63fd.exe	28
PID 2144 wrote to memory of 2400	2144	1e8ba02d6dbbede5b548b8dd300e63fd.exe	28

C:\Users\Admin\AppData\Local\Temp\1e8ba02d6dbbede5b548b8dd300e63fd.exe
"C:\Users\Admin\AppData\Local\Temp\1e8ba02d6dbbede5b548b8dd300e63fd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Users\Admin\AppData\Local\Temp\mrt81DD.tmp\stdrt.exe
  "C:\Users\Admin\AppData\Local\Temp\mrt81DD.tmp\stdrt.exe" /SF "C:\Users\Admin\AppData\Local\Temp\1e8ba02d6dbbede5b548b8dd300e63fd.exe" /SO94208
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mrt81DD.tmp\KcButton.mfx

Filesize
32KB

MD5
981b62baa4ac4aad329642e016159d8c

SHA1
3f5dae05533f2a52335490b0a68ce96fb09bdc9f

SHA256
9b93a9e90b6fbf3348aaae664a3f97dc333056578e49073a832776be8a795781

SHA512
5b0adb3a5a833a8cb416b9b83000318bc53b2a5702cafbec3508bfcbf9dad04407bf68a545a4a0cb52243fbcec2e72a191ffc17d38acc434828d6988a5161e39

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt81DD.tmp\MMFS2.dll

Filesize
300KB

MD5
dbcef0cd8920d7a0cf169855aa30f1cb

SHA1
076c4a714e83f044a73402247c2a4dd08404b003

SHA256
aa7ade3f5371de11e3a8ed3a794dfae4273b555a08fe1937e5ef2d8c689cf457

SHA512
80f55a0a87bb74e1f00ff6bb7b6d0c0e2af3f44af81064560e49276827faad59a8c41b7ab5fd179e2e2f218eb09ee6a3a8e14973367057e91651a9b893c92077

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt81DD.tmp\kccombo.mfx

Filesize
28KB

MD5
2fe437564285388deb52dc3c69c90ce3

SHA1
934a223aff9bb302cd4ceebdef3f1e81cf4970e9

SHA256
9bb97bd9350f76458b2e7ce0395b2026d3bf902de24e88d3e96343ebd3163e7e

SHA512
9219ac527f373bba7e7e71960c8530d3e74d82f088424afa2272ed210027a7ad68ad0829c84c4f8bbc89a1e95cf2aafc6c6935cf8c8c23e41468b2f0c13ec1ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt81DD.tmp\kcedit.mfx

Filesize
28KB

MD5
fe2e1a5b45e0d2cc58f4825eed62920a

SHA1
e8b22ecaece7f456c5f9964046a98c566a79ccb1

SHA256
97f8491a411dcd834813c9ac799655395ac55b1664fd9dcbe052edf4c373c7c8

SHA512
98ab5d8ff994cfd9c74ff8f4d5868662416610f05959fce789801e62c1b8a967fa358936432dc0e048882921105771df01ccb3504097bae186157f84cf1254b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt81DD.tmp\kcplugin.mfx

Filesize
24KB

MD5
d9a09d2a27e09306066749abac1d5dce

SHA1
143e934782eaed98e4afb27891d0b0aede711d5a

SHA256
2f7b9104afd9170f470237948fee2cdf0d5e5c5788ff4fad6755a02696920e15

SHA512
b0d7e5674034d0071044c77d2a763d70dc28601a539b56df897d8c0232f0d052a116ad528be1396d7f25f3479ac5ac963028fb0f12e5f547c246eb8e1241f176

Download Submit
\Users\Admin\AppData\Local\Temp\mrt81DD.tmp\stdrt.exe

Filesize
340KB

MD5
488d221e978b1a5fb16cc7452f03e4bb

SHA1
eea126d1cfd3fd0de9e3e37f3c9a4b6ed1534d7f

SHA256
403b12047d1fc11aa70d98eaca913e26c05837b5bc147a4f56a10a22f1a8a1cb

SHA512
f4260ec3fabbf0eca4d4bab51c67f72cb2d76b837deba68dcd2641deb0a83bdd1e1e944fda4e52ace8e9038db01dac69ac90d8a5cbf5eeb2e262342d6bbd31c2

Download Submit