Overview

overview

7

Static

static

1

230a2cb760...49.exe

windows7-x64

7

230a2cb760...49.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 13:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    230a2cb76027c6aec7db08190c77a149.exe

  • Size

    756KB

  • MD5

    230a2cb76027c6aec7db08190c77a149

  • SHA1

    9624d23ccd08d4c1d31a3b67c6b9e7ec77986ff9

  • SHA256

    22e80a2a7562747ce2524b999f572a1af05d0abde8451cc9aaeb191323d9ccf6

  • SHA512

    c122513d898f7f092d1f2549faf51251858c5a39224b49a2844877b30ac7ebadecab716618a5c037f925007ca2202b2204c5d63a0743529f6de327f6e457d172

  • SSDEEP

    12288:cIfgy933mu6rrUhxGokTJfGTaRbT3ZVXSb6yyO/M9qotVke3UGSWEzav:cIflWbrrUhxGo+JfGWRbT2uyyO/M9HK6

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\230a2cb76027c6aec7db08190c77a149.exe
    "C:\Users\Admin\AppData\Local\Temp\230a2cb76027c6aec7db08190c77a149.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3492
    • C:\Users\Admin\AppData\Local\Temp\setup.exe
      C:\Users\Admin\AppData\Local\Temp\setup.exe relaunch
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1380
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 776
        3⤵
        • Program crash
        PID:4224
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1380 -ip 1380
    1⤵
      PID:3444

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\setup.exe
      Filesize

      2KB

      MD5

      6e2acef73048885e9305437ca64a6b49

      SHA1

      ddec4f66d363cd71671623d89dd7a5d80c1bce3b

      SHA256

      11d4d0180cd1e247a38dfe198ab0852bef4d5fe586991f58172408ebc7432de5

      SHA512

      6073598edaa962cb021a5f8b4467a7a0eb285a4bf4f611d11f27bcbea04113f7603e8c1712e851fd7484fa0f1676231f598d6fe17af26ca027ac498e47448a26

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\setup.exe
      Filesize

      17KB

      MD5

      f4052e3ce9ec4abbbc163f4b4ee99da2

      SHA1

      5de4540349abcf9df9b08af30bde1d2b034d215d

      SHA256

      8c439ff2b8451e1c517e5b90b82b8db724ffc95c0ef4c8a5f7f1cbc0abfcb28c

      SHA512

      531d96805252368430219a50fad6f11ab85f67973839177244a53e96add57e344ec357f1eaa73e9a029d0e6e6262f4a88c8b825d4f941598363c6590541bbfc9

      Download Submit

    • memory/1380-7-0x0000000000400000-0x000000000066E000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/1380-8-0x0000000000400000-0x000000000066E000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/3492-0-0x0000000000400000-0x000000000066E000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/3492-1-0x0000000000400000-0x000000000066E000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/3492-6-0x0000000000400000-0x000000000066E000-memory.dmp

      Filesize

      2.4MB

      Download