22fe6f1bbe280105a7cd0ab45552a2693d6b1055ee0ec68289498bfbf685e4cb

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 19:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

378f8fc91cbac0ad1f0387b4420d18a6.exe
Size

604KB
MD5

378f8fc91cbac0ad1f0387b4420d18a6
SHA1

cc3b0c28e3df89b2b343b2a4b4c2faa62bebea95
SHA256

22fe6f1bbe280105a7cd0ab45552a2693d6b1055ee0ec68289498bfbf685e4cb
SHA512

b8a93148b3d0629495cd327684e833d297c7fc0e0ef23dcf82b88aa72cd3537ef227d73020d033f586d70d01a7ad79c7ecd50b38293d682c7d836e9772232b47
SSDEEP

6144:HKWlw1DxXLp9fCEc2PI4Saq9JNl6zBY4o83fqysVufBn597NX2oj:H7lw1Dx7p9fXHPIz3vtysgfBnnl2oj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2612	ocs_v71.exe

Loads dropped DLL 2 IoCs

pid	Process
2232	378f8fc91cbac0ad1f0387b4420d18a6.exe
2232	378f8fc91cbac0ad1f0387b4420d18a6.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2232	378f8fc91cbac0ad1f0387b4420d18a6.exe
2612	ocs_v71.exe
2612	ocs_v71.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2612	2232	378f8fc91cbac0ad1f0387b4420d18a6.exe	28
PID 2232 wrote to memory of 2612	2232	378f8fc91cbac0ad1f0387b4420d18a6.exe	28
PID 2232 wrote to memory of 2612	2232	378f8fc91cbac0ad1f0387b4420d18a6.exe	28
PID 2232 wrote to memory of 2612	2232	378f8fc91cbac0ad1f0387b4420d18a6.exe	28

C:\Users\Admin\AppData\Local\Temp\378f8fc91cbac0ad1f0387b4420d18a6.exe
"C:\Users\Admin\AppData\Local\Temp\378f8fc91cbac0ad1f0387b4420d18a6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v71.exe
  C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v71.exe -install -54383364 -chipde -8004ab6db922495ea433ff5fbf01f179 - -abp2 -wqplezyllwjfjobv -459084
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v71.exe

Filesize
292KB

MD5
ad68076fb58a634cba05c9396b0f20af

SHA1
dabc08bdf0203f5946101a0eea51d494e87f67b9

SHA256
dc712ebab17c0bf8d73a1c5b5b3b053fd1e665a2d6ad21eb5a9b34da6e844a5a

SHA512
be7f294cd4835353ab121a2de655f4a99718096f078713bd1bc8c2d2a847937bafe6853b13bb7c41178f1b33aeacf3af3d13b80f1494cca4489472458a1b63ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\OCS\wqplezyllwjfjobv.dat

Filesize
81B

MD5
ec7d34f1c696bfb0d2353a399f7dc9e9

SHA1
767b757e7129f9b3310baf95faa0982cdbe10e1e

SHA256
21d37cffbbaff9257e2f9d046bc6064eb4d1ac62e3012b7c6245411215b2db07

SHA512
f6c98c18b22deb0b8434f5e9f2add8933262654fc8016f319fdaefc483cb8bfc7b8b6616df333e88f8292daa8f1f01b4b9f756943731e6a10225685ed2738e7b

Download Submit
memory/2612-12-0x000007FEF5E80000-0x000007FEF681D000-memory.dmp

Filesize
9.6MB

Download
memory/2612-13-0x00000000021A0000-0x0000000002220000-memory.dmp

Filesize
512KB

Download
memory/2612-14-0x000007FEF5E80000-0x000007FEF681D000-memory.dmp

Filesize
9.6MB

Download
memory/2612-16-0x00000000021A0000-0x0000000002220000-memory.dmp

Filesize
512KB

Download
memory/2612-17-0x00000000021A0000-0x0000000002220000-memory.dmp

Filesize
512KB

Download
memory/2612-18-0x00000000021A0000-0x0000000002220000-memory.dmp

Filesize
512KB

Download
memory/2612-19-0x00000000021A0000-0x0000000002220000-memory.dmp

Filesize
512KB

Download
memory/2612-20-0x00000000021A0000-0x0000000002220000-memory.dmp

Filesize
512KB

Download
memory/2612-21-0x00000000021A0000-0x0000000002220000-memory.dmp

Filesize
512KB

Download
memory/2612-22-0x000007FEF5E80000-0x000007FEF681D000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads