Overview

overview

7

Static

static

3

0ffb3f7123...6c.exe

windows7-x64

7

0ffb3f7123...6c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    178s
  • max time network
    216s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 07:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0ffb3f71239a5f59572a9e397bb9e46c.exe

  • Size

    596KB

  • MD5

    0ffb3f71239a5f59572a9e397bb9e46c

  • SHA1

    dcb0452c9a066481abb9592efd602122fb85e79c

  • SHA256

    8629295fccb643127d6684d1670e6d6ade434c83822a746eb2592229c96b444a

  • SHA512

    a2158d938492ebce020f1f4a0222915ae4187b64a7ce1f8ded5e78445fe1a4c4c8f6dc22e5490a9a53a81383dcca372ce563168550156a8da9b038b193adf8f0

  • SSDEEP

    12288:Raad5YgOr8vvvvvEvvvvvARkU8aaF471aEA88MR4713wzMyaahwYhV6:RaaddOwkU8aaF471aEA814713wvaahr6

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ffb3f71239a5f59572a9e397bb9e46c.exe
    "C:\Users\Admin\AppData\Local\Temp\0ffb3f71239a5f59572a9e397bb9e46c.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    PID:416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\oledsp32.dll
    Filesize

    25KB

    MD5

    26f30e177d62e78e82b1b550868ff3ba

    SHA1

    9eb0f346ff80be8e0c072b8508f39527982fa64b

    SHA256

    c533d2dd651df0c1a97c7b0e5784b9a42a58e5e64115b540e8c521cbd192e1ca

    SHA512

    9948211e30ce42860adf23a80b2c2f25397311ec699999d42466ef46d1ae79c883393f0bcefbbcbf5ecd6a6c6d36d99c4a38631a5144506efab76dbcb01f29c9

    Download Submit

  • memory/416-0-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/416-5-0x0000000010000000-0x000000001000F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/416-9-0x0000000000400000-0x0000000000495000-memory.dmp

    Filesize

    596KB

    Download

  • memory/416-10-0x0000000010000000-0x000000001000F000-memory.dmp

    Filesize

    60KB

    Download