e2f6deae92569b983420bffd16fbe6e1a9f5af9a2c0f6701735a851e0eabfe95 | Triage

Analysis

max time kernel
181s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 16:50

Sharing

Report Analysis Logs

General

Target

2e83b7c62c871211bce30ea1d741d864.exe
Size

30KB
MD5

2e83b7c62c871211bce30ea1d741d864
SHA1

8559835679e3ded3b35976fb6cdf70bfa49ea006
SHA256

e2f6deae92569b983420bffd16fbe6e1a9f5af9a2c0f6701735a851e0eabfe95
SHA512

ca9ca3cd83e7be8a18e596e7ba0eda2d6f4f995d0c06489d79576c656240ec4821f11ec8b216c14c92618d1de8e45bd68de30196896078afada6ddc5b1e073cd
SSDEEP

384:/TqeDqmPyNDmngDRkQe9Uu7VxWiIY58o/ZX:/GeeT9mnd9pHWpi/ZX

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2732	rst.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\rst.exe	2e83b7c62c871211bce30ea1d741d864.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4508	2e83b7c62c871211bce30ea1d741d864.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4508 wrote to memory of 2732	4508	2e83b7c62c871211bce30ea1d741d864.exe	93
PID 4508 wrote to memory of 2732	4508	2e83b7c62c871211bce30ea1d741d864.exe	93
PID 4508 wrote to memory of 2732	4508	2e83b7c62c871211bce30ea1d741d864.exe	93

C:\Users\Admin\AppData\Local\Temp\2e83b7c62c871211bce30ea1d741d864.exe
"C:\Users\Admin\AppData\Local\Temp\2e83b7c62c871211bce30ea1d741d864.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4508
- C:\Windows\SysWOW64\rst.exe
  C:\Windows\system32\rst.exe
  2⤵
  - Executes dropped EXE
  PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\rst.exe

Filesize
6KB

MD5
7489cbc52efe400be9ceb90f3fde45e0

SHA1
0c9fc5f65ddb0ff7fbb5548fc9c73d34bed7dda7

SHA256
0015afee6cff7ac0b63997eccfa403d6c56268580e2aacf81fc99855b149d102

SHA512
f3f74f108c96f180f02fa73b2ee1b7a46e9f63c65129a16fac1ef37452e9b9b1adda4f8db1175d03fff039409cb722ddb1a2f89fc32a454002e31913ce420eb5

Download Submit
memory/2732-6-0x0000000000400000-0x0000000000401800-memory.dmp

Filesize
6KB

Download