e6eb763bdb7f5f6c418dcaad3efa6f52f9a8a1160e1eb1fca9229b5adc656d25 | Triage

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 19:11 UTC

Sharing

Report Analysis Logs

General

Target

36f6768b0d410125fe4f8f3a5a310696.exe
Size

20KB
MD5

36f6768b0d410125fe4f8f3a5a310696
SHA1

43fc9cd0d178807f7dce9b6765f14734a89fb8d7
SHA256

e6eb763bdb7f5f6c418dcaad3efa6f52f9a8a1160e1eb1fca9229b5adc656d25
SHA512

ed689eef2319df90a0dbad62955b0a0a5ca222750d5bb0c89100a3ad838c900d7c7eab6ed09f3b79badefde0798bbae054708b4fafbe7b3d72c19af6d0a912e8
SSDEEP

192:+DtaoLyNiyPl3VadnDqA223t8niksSXUUt2mII:g9QanWAbtAiDSXUUtJII

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2400	36f6768b0d410125fe4f8f3a5a310696.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2452	2400	36f6768b0d410125fe4f8f3a5a310696.exe	29
PID 2400 wrote to memory of 2452	2400	36f6768b0d410125fe4f8f3a5a310696.exe	29
PID 2400 wrote to memory of 2452	2400	36f6768b0d410125fe4f8f3a5a310696.exe	29
PID 2400 wrote to memory of 2452	2400	36f6768b0d410125fe4f8f3a5a310696.exe	29

C:\Users\Admin\AppData\Local\Temp\36f6768b0d410125fe4f8f3a5a310696.exe
"C:\Users\Admin\AppData\Local\Temp\36f6768b0d410125fe4f8f3a5a310696.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\SysWOW64\cmd.exe
  cmd /C pause
  2⤵
  PID:2452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads