76665f37f480c1124bed319c55457d7909e9179fa791bbf2971c4b3f072c0273

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 21:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3cc0d0740491861616c3a6a0a728e2e6.exe
Size

1021KB
MD5

3cc0d0740491861616c3a6a0a728e2e6
SHA1

402011eadfbdc2440cfee0783d76a2499f004c83
SHA256

76665f37f480c1124bed319c55457d7909e9179fa791bbf2971c4b3f072c0273
SHA512

5f6c4b4348e83e3cf55f6ed502802b6e5464fe289abb35ff27ddc2869f19b34c11619145188ae859d323e4d1143f36a54eefc79f2e7cae45179fa02888aaff85
SSDEEP

24576:gvmqGi12npB+mjFXOXvAkEp3W8AD/Dhd+y4lqJ8QdCYDoDNQ:gvmbi1mpB+KtdsvD/DX+y4onCYDoDK

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
956	temp1.tem
1836	temp2.tem

Loads dropped DLL 5 IoCs

pid	Process
2244	3cc0d0740491861616c3a6a0a728e2e6.exe
2244	3cc0d0740491861616c3a6a0a728e2e6.exe
2244	3cc0d0740491861616c3a6a0a728e2e6.exe
2244	3cc0d0740491861616c3a6a0a728e2e6.exe
2244	3cc0d0740491861616c3a6a0a728e2e6.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2244	3cc0d0740491861616c3a6a0a728e2e6.exe
2244	3cc0d0740491861616c3a6a0a728e2e6.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 956	2244	3cc0d0740491861616c3a6a0a728e2e6.exe	14
PID 2244 wrote to memory of 956	2244	3cc0d0740491861616c3a6a0a728e2e6.exe	14
PID 2244 wrote to memory of 956	2244	3cc0d0740491861616c3a6a0a728e2e6.exe	14
PID 2244 wrote to memory of 956	2244	3cc0d0740491861616c3a6a0a728e2e6.exe	14
PID 2244 wrote to memory of 1836	2244	3cc0d0740491861616c3a6a0a728e2e6.exe	15
PID 2244 wrote to memory of 1836	2244	3cc0d0740491861616c3a6a0a728e2e6.exe	15
PID 2244 wrote to memory of 1836	2244	3cc0d0740491861616c3a6a0a728e2e6.exe	15
PID 2244 wrote to memory of 1836	2244	3cc0d0740491861616c3a6a0a728e2e6.exe	15

C:\Users\Admin\AppData\Local\Temp\temp1.tem
C:\Users\Admin\AppData\Local\Temp\temp1.tem
1⤵
- Executes dropped EXE
PID:956

C:\Users\Admin\AppData\Local\Temp\temp2.tem
C:\Users\Admin\AppData\Local\Temp\temp2.tem
1⤵
- Executes dropped EXE
PID:1836

C:\Users\Admin\AppData\Local\Temp\3cc0d0740491861616c3a6a0a728e2e6.exe
"C:\Users\Admin\AppData\Local\Temp\3cc0d0740491861616c3a6a0a728e2e6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

Filesize
92KB

MD5
9a071f0f9e0c9efd6c19bab33e0246e9

SHA1
8118e0648817a9affe125234bd41f9bd7e50edf8

SHA256
6d498c3413165d32c179ed8e3e4161b09c9d6340ac41c5cf5b26cc602292088e

SHA512
e51ed4f98eccdbce9f2e8262120f894465b94ed3d29221949240d0ce239791ceb963d393a4051b8e8543d692be18d90e5fdfe97f879483d264ae0aa0981352fe

Download Submit
\Users\Admin\AppData\Local\Temp\temp1.tem

Filesize
65KB

MD5
2aff65180ccd860c84c6de7877fa6b0f

SHA1
0dca808db5c8dd7a699fdd0765afbbe509817ce8

SHA256
6c91830c440b3ce211f6b075a2db681ca51403f53f17d74b35d5d8b9340d70e3

SHA512
8dcb62863954fdc45e3efc508c02b5d0ba8fdc120e5cc8a6b28a509750e406654390adc3df5b954349de6a2175783d010a2a53d532ec641217978b3331075629

Download Submit
memory/956-14-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1836-27-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1836-26-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1836-25-0x0000000000400000-0x00000000005C8000-memory.dmp

Filesize
1.8MB

Download
memory/1836-29-0x0000000000400000-0x00000000005C8000-memory.dmp

Filesize
1.8MB

Download
memory/1836-23-0x0000000000400000-0x00000000005C8000-memory.dmp

Filesize
1.8MB

Download
memory/2244-28-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2244-13-0x0000000000220000-0x0000000000228000-memory.dmp

Filesize
32KB

Download
memory/2244-24-0x00000000027F0000-0x00000000029B8000-memory.dmp

Filesize
1.8MB

Download
memory/2244-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2244-15-0x0000000000220000-0x0000000000228000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads