Analysis

  • max time kernel: 140s
  • max time network: 119s
  • platform: windows7_x64
  • resource: win7-20231215-en
  • resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted: 25-12-2023 09:57

General

  • Target: 1594805542139a1a3c2cbb4198c6a132.exe
  • Size: 1.8MB
  • MD5: 1594805542139a1a3c2cbb4198c6a132
  • SHA1: 25e80281c412b64a77851c5a1b0c20e9f71f2d6f
  • SHA256: e6e87c97aac2106d9628c18356e9251bfcca7a8c6ee32dd32bdbc90db2bacbee
  • SHA512: 4319312d187f8e5c8c2f9d557d6967677179d20df63065c719ff2e02ed69401b792ac8cdcf4580b7dc594edd1b7637f506df776afa2af4c95d4572f23a9cb67e
  • SSDEEP: 49152:GkZIZRu9fg2ZSy2BqmdEPMsziQfiM61GRSgVmd:lf1aB1EEszFqd1GRRVm

Score: 7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\patched.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\patched.exe
    • Executes dropped EXE
    • Suspicious use of SetWindowsHookEx
    PID: 1792
  • C:\Users\Admin\AppData\Local\Temp\1594805542139a1a3c2cbb4198c6a132.exe
    "C:\Users\Admin\AppData\Local\Temp\1594805542139a1a3c2cbb4198c6a132.exe"
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID: 2216

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\patched.exe
    Filesize: 384KB
    MD5: e4093ea08a30539f80c1ebe0275431b1
    SHA1: 6e0d16eb145174651d734b5ebfb22dbbfff63e4e
    SHA256: 2517281fff24ac1c41f41d79887ecc3b53863e0487a29eecb56ba926280d486a
    SHA512: 35dd518d3bf11ac6378e2f390967abd79d450f525ef26e2f8244cf2bf7de206ec551b1b58587adcae9ec70d5e479f398b2a8d931bfb07d74ce19118c2eacb3a8

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\patched.exe
    Filesize: 385KB
    MD5: b5d0bbe8208cbc7b5bfa73ebd3d48f7e
    SHA1: 40a09b6af93097e2fe4baa8918ce8f9b1ee790b9
    SHA256: afe296786742af3ad366a0aa8d263e253a01b007780239f0c5a3dab1e7789c3e
    SHA512: 339b88396bf8750989a80111d1522d8b5ea0a86d764c2721b4eb180123db8475e9ba039a7e5a29926c016153568a649d24fbad1554783849f422bac657ba85a2

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\patched.exe
    Filesize: 897KB
    MD5: cfa6db02d11865dcaa3fd8cb3de907c4
    SHA1: 21bee2bb0b56e2c6092325656b92c3d95ec55163
    SHA256: e65bc3d92ab6ded05ecbd00eea7bbef0e8ddaf8b41027d965320bd4c7a90d707
    SHA512: 39ad869a702bbdd4b3cba1109a58edfaca383c82ebdf6ae103d655582a44dd30494894be02101c63fdaf3aaaa87e9503ba9a850175fb6180a1713391c6a8fdc6

  • memory/1792-8-0x0000000000240000-0x0000000000241000-memory.dmp
    Filesize: 4KB

  • memory/1792-10-0x0000000000400000-0x0000000000541000-memory.dmp
    Filesize: 1.3MB

  • memory/1792-12-0x0000000000240000-0x0000000000241000-memory.dmp
    Filesize: 4KB