Overview

overview

7

Static

static

3

23d3563d9a...84.exe

windows7-x64

7

23d3563d9a...84.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    7s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 14:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    23d3563d9ad3e7be705786fedd47a184.exe

  • Size

    389KB

  • MD5

    23d3563d9ad3e7be705786fedd47a184

  • SHA1

    216eb632ab543e3b661e93585d6523aa3c0ccdf4

  • SHA256

    122550ca70185d92eae12ecf8efa44582c5a32f048fbcc8ecb5970bfc437404e

  • SHA512

    af84e146817b9c8d1e0a1ea240973ef458f347c1f525c1e713d4f69f70ca6f41003bd3019660c4eef7538141087a2faffa256d005e99ff879aa5217cba3c87ac

  • SSDEEP

    6144:refmGwWqtO9ik96bDMe2mqVzNudSNbzagf5EZ6oAv8mdivS9tRS41oaIRS9EGvBM:rTGh596P499hBW+E4T8Tv4XSkI560D7

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\23d3563d9ad3e7be705786fedd47a184.exe
    "C:\Users\Admin\AppData\Local\Temp\23d3563d9ad3e7be705786fedd47a184.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://qqgame.qq.com
      2⤵
        PID:1944
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1944 CREDAT:275457 /prefetch:2
          3⤵
            PID:2584

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2172-4-0x00000000007A0000-0x0000000000813000-memory.dmp

        Filesize

        460KB

        Download

      • memory/2172-1-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

        Download

      • memory/2172-6-0x0000000000400000-0x0000000000439000-memory.dmp

        Filesize

        228KB

        Download

      • memory/2172-5-0x00000000007A0000-0x0000000000813000-memory.dmp

        Filesize

        460KB

        Download