Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/12/2023, 19:04

General

  • Target

    368272f2c99fff8533be714117e9bc8b.exe

  • Size

    501KB

  • MD5

    368272f2c99fff8533be714117e9bc8b

  • SHA1

    efe4ed68f73ce06f678751288cf1c8b6796b00d2

  • SHA256

    06f3235f2552ca270d9214d578b73ffe1aac3562d74fee16b2e6146982824790

  • SHA512

    b0fde53a17857033170d97ac60fd7011024dac9c0d056767228de99def4e107e8c38c3c7c7250effc1735c5f1c50e52f145a44d4fdc5a080afcd4ea3ef43812f

  • SSDEEP

    12288:5l7UZqXwvpQS9jukB4Ef8EhvSFDQxYsnv:gqXwmXkfdvSFDE

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\368272f2c99fff8533be714117e9bc8b.exe
    "C:\Users\Admin\AppData\Local\Temp\368272f2c99fff8533be714117e9bc8b.exe"
    (depth 1)
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Users\Admin\Localdir\svchost.exe
      C:\Users\Admin\Localdir\svchost.exe
      (depth 2, child of PID 3028)
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2412

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\Localdir\svchost.exe
          Filesize: 92KB
          MD5: 0bfd7d725be6be6d45421714b647eebd
          SHA1: 641589c19c7d55bcd0270be777a6a6689ca80448
          SHA256: ed625b638a727a593667ba72588ca4c168a1f18dc24b496d6d21d0ce457b177a
          SHA512: b858309141e994a95bc62ce8de7afa72e8620a6bb1780e91ebc3bad5d410339d5634f965a31c1126271a4105f5d8f6b48d1ef7f1952f3c21effa5fe6ba3bb7cd

        • C:\Users\Admin\Localdir\svchost.exe
          Filesize: 93KB
          MD5: 76e4d14618c2e138074caa2b911352e6
          SHA1: 3c86373740e473faa531b6055817906412d13fdb
          SHA256: 1567d9f873a0ac044fb53125f5ae76cdc68bdadda9ae93d37657e05b0b59b34f
          SHA512: 0bb0f703e36ba5189f24e497631ac14c8d5195ca74b35614a1df3a0c320881312f089363738fd85006bd7dde50f8b84d92c810c87c9422e7f6034112cefb36a6

        • \Users\Admin\Localdir\svchost.exe
          Filesize: 106KB
          MD5: beb22cf95537014a24991ae796601e0a
          SHA1: 481d374d5173d7dca77149c800314f14ec363af7
          SHA256: 0145991af0ce4bca517499d43ce78b3508db0ecbced5a2000ffc1dc8c31968ba
          SHA512: f392078dfb6b61f81e84398d11e79e21476c583c540885977a4909ee5f6c47c75d22b64754cfd5888935c5fb6b304d11e9108c0a02dbec82cd5ec40bcef36796

        • memory/3028-0-0x0000000000400000-0x000000000047C000-memory.dmp
          Filesize: 496KB