e6e5cd1e4385f61a4956dd317ac4b4328d25718a991a3fcabf877c7ce3a6f3fa

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 20:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b770df75c5cd802c626f5d6341e127a.exe
Size

268KB
MD5

3b770df75c5cd802c626f5d6341e127a
SHA1

cecaa6bb4edf9b6f85f628120c5f029336ff60fb
SHA256

e6e5cd1e4385f61a4956dd317ac4b4328d25718a991a3fcabf877c7ce3a6f3fa
SHA512

cea376be072c8bd94ce985daf309ef6269d197eb991dc2670a89a4326bf8185d660f76c4c5e42c21b92ab932b91119352d3803e15d4b24199eea23e70852dd7b
SSDEEP

6144:8gVZNX0IpM7+N1ou6koVxYt02O5EF1oxTs:8qZNkIaa1ou694GCroe

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 10 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\SysWOW64\Helicon\server2.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\WINDOWS\SysWOW64\Helicon\server5.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\WINDOWS\SysWOW64\Helicon\server8.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\WINDOWS\SysWOW64\Helicon\server7.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\WINDOWS\SysWOW64\Helicon\server9.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\WINDOWS\SysWOW64\Helicon\server10.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\WINDOWS\SysWOW64\Helicon\server1.ini.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\WINDOWS\SysWOW64\Helicon\server3.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\WINDOWS\SysWOW64\Helicon\server4.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\WINDOWS\SysWOW64\Helicon\server6.ini	3b770df75c5cd802c626f5d6341e127a.exe

Drops file in Program Files directory 21 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Helicon\SeaPort10.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\Program Files\CybeRLink\CybeRLink3.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\Program Files\Helicon\SeaPort3.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\Program Files\Helicon\SeaPort6.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\Program Files\Helicon\SeaPort8.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\Program Files\CybeRLink\CybeRLink1.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\Program Files\CybeRLink\CybeRLink7.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\Program Files\CybeRLink\CybeRLink9.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\Program Files\NetMeeting\test.log	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\Program Files\Helicon\SeaPort2.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\Program Files\Helicon\SeaPort4.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\Program Files\Helicon\SeaPort7.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\Program Files\CybeRLink\CybeRLink4.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\Program Files\CybeRLink\CybeRLink6.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\Program Files\CybeRLink\CybeRLink2.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\Program Files\CybeRLink\CybeRLink5.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\Program Files\CybeRLink\CybeRLink8.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\Program Files\CybeRLink\CybeRLink10.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\Program Files\Helicon\SeaPort1.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\Program Files\Helicon\SeaPort5.ini	3b770df75c5cd802c626f5d6341e127a.exe
File opened for modification	C:\Program Files\Helicon\SeaPort9.ini	3b770df75c5cd802c626f5d6341e127a.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2976	3b770df75c5cd802c626f5d6341e127a.exe
2976	3b770df75c5cd802c626f5d6341e127a.exe
2976	3b770df75c5cd802c626f5d6341e127a.exe
2976	3b770df75c5cd802c626f5d6341e127a.exe

C:\Users\Admin\AppData\Local\Temp\3b770df75c5cd802c626f5d6341e127a.exe
"C:\Users\Admin\AppData\Local\Temp\3b770df75c5cd802c626f5d6341e127a.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:2976

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads