Analysis

  • max time kernel
    141s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/12/2023, 10:11

General

  • Target: 1643175db955cfd54799ef910c474d6c.exe
  • Size: 5.5MB
  • MD5: 1643175db955cfd54799ef910c474d6c
  • SHA1: 34cfb75740bab67df7d23eee6200425d54e1ec58
  • SHA256: 6b75d14148d0e017235762b9d42cfa0c9c11567fe16887df68c7073fb9df033f
  • SHA512: 5afae28d6aef4318c1d7f8489a76ff88bf3c03e9dbc242325093a894e9648d8d4dede5acbc025c9b8809f92d0d6110a7707c1947d6722577c87b8a2eb5726288
  • SSDEEP: 98304:G+Uavwj2aotBTtpYQodXE4j1Xsxgqwy/ZMGvtDrHuzQTwT4kBTnR7HJRHgQq:dPaITtpYzJlj1XsxgE+qVsQZkDzJRK

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1643175db955cfd54799ef910c474d6c.exe (PID 4972, process tree depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\1643175db955cfd54799ef910c474d6c.exe"
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx

Network

        MITRE ATT&CK Matrix


        Downloads

        • C:\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr
          Filesize: 1.1MB
          MD5: ad2b244ff72d939edbf0c4a6f09da3ee
          SHA1: 80c7f64507e056d481b2e0458d77bd4d054ba5c7
          SHA256: dc2835daa19190c24b39df6bcb7e5f6c2a53d0103eb6d9eca9ec677030e92f2a
          SHA512: a8be4be844f12624c2e5dacb060a7353f94bdbc6d9bd646bb698dd3519e2c64e513a15c10183152c5c658e7c844803dd7d172f39e075aa271a927345a8d55d2e

        • C:\Users\Admin\AppData\Local\Temp\E_N4\shell.fne
          Filesize: 40KB
          MD5: 070766440397d544a271c013c7e9c832
          SHA1: b31487cdbe1f5ba749fab295e0671b01865bb0da
          SHA256: f6d9d463d9a12503acac21c2ecac7c1af6dca66d19323831f308566163e57b86
          SHA512: 8b823defc99ef7b054e89788b25d3a0797529ffa8e48d6f4d66fc772b4a2f992a490076ee4037e65c7911626025aa32769a9cf253b81e74ed5cc0fd083308017

        • C:\Windows\SysWOW64\SkinH_EL.dll
          Filesize: 688KB
          MD5: bd42ef63fc0f79fdaaeca95d62a96bbb
          SHA1: 97ca8ccb0e6f7ffeb05dc441b2427feb0b634033
          SHA256: 573cf4e4dfa8fe51fc8b80b79cd626cb861260d26b6e4f627841e11b4dce2f48
          SHA512: 431b5487003add16865538de428bf518046ee97ab6423d88f92cda4ff263f971c0cf3827049465b9288a219cc32698fd687939c7c648870dd7d8d6776735c93c

        • C:\Windows\SysWOW64\SkinH_EL.dll
          Filesize: 128KB
          MD5: 7a30aa57f27308df286299d79f870c2a
          SHA1: aa662cb05197c51ee9c5dfdc13465cf17cfbfc38
          SHA256: 1262c94c1a5b382b6f3d94464dc0beb5f4882afcdcbfcf9a76d35a8c18e4586b
          SHA512: 2d440574525672a821a73461ae080d2a4676067c0237e1a19bd8c4c83e125fafa74dda0fe3791e36cf01299b0d19943e7897fd40c4bde07214167fcbc88a1c5e

        • memory/4972-0-0x0000000000400000-0x000000000073A000-memory.dmp
          Filesize: 3.2MB

        • memory/4972-18-0x0000000010000000-0x000000001011D000-memory.dmp
          Filesize: 1.1MB

        • memory/4972-26-0x0000000002420000-0x0000000002431000-memory.dmp
          Filesize: 68KB

        • memory/4972-32-0x0000000002B20000-0x0000000002BCF000-memory.dmp
          Filesize: 700KB