5bd305861b70288635bf79e90639931c9e64883be86d3ef18a4853b8cf9abde8

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 02:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4e57cd9bf7dda9b0314b56df99f7f0c9.exe
Size

1.3MB
MD5

4e57cd9bf7dda9b0314b56df99f7f0c9
SHA1

1034bad24db49d701a5d5c6ce36c4c922fdd5b76
SHA256

5bd305861b70288635bf79e90639931c9e64883be86d3ef18a4853b8cf9abde8
SHA512

e270d1de7d33449a6d67ed88e7e5c32dcc759ee33b66ac65f9719ae05e0d96f936f91b58e7035fbdc3aa3600ecac7cdf74e3d4e840fd2399b118c19468757a12
SSDEEP

12288:F2YZmiuluR/qGuGZqf0TphDOaNOFy5R4bO0k:F2YZmiucR/flphbOo5Rmk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2452	pmview.exe

Loads dropped DLL 2 IoCs

pid	Process
2212	4e57cd9bf7dda9b0314b56df99f7f0c9.exe
2212	4e57cd9bf7dda9b0314b56df99f7f0c9.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2212	4e57cd9bf7dda9b0314b56df99f7f0c9.exe
2212	4e57cd9bf7dda9b0314b56df99f7f0c9.exe
2452	pmview.exe
2452	pmview.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2452	2212	4e57cd9bf7dda9b0314b56df99f7f0c9.exe	17
PID 2212 wrote to memory of 2452	2212	4e57cd9bf7dda9b0314b56df99f7f0c9.exe	17
PID 2212 wrote to memory of 2452	2212	4e57cd9bf7dda9b0314b56df99f7f0c9.exe	17
PID 2212 wrote to memory of 2452	2212	4e57cd9bf7dda9b0314b56df99f7f0c9.exe	17

C:\Users\Admin\AppData\Local\Temp\4e57cd9bf7dda9b0314b56df99f7f0c9.exe
"C:\Users\Admin\AppData\Local\Temp\4e57cd9bf7dda9b0314b56df99f7f0c9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\TEMP\tmp38BC\pmview.exe
  pmview.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\tmp38BC\PMVIEW.EXE

Filesize
16KB

MD5
f2faad7ec179eddfef9eb9a5199b8c02

SHA1
c90f23413c0700d20b0f03deb4de7028b9fb82f0

SHA256
8830aa975e8ca29f9504a2894bfcaf4dacb02fb4961724c808399b45c542e2f5

SHA512
09d8e9b12cc46a8613625f6814cc96cc31311dbccebc2f31e482aec767d9584091c58947a34eb946c52f412704c7e3df68437b3e7d89a6e5c681741ef0d42d1a

Download Submit
C:\Windows\Temp\tmp38BC\PMVIEW.EXE

Filesize
27KB

MD5
8a90ad1ca50b331ed8255eb16c8e2c1f

SHA1
896b92b3baba08b3baf62472d18ee10c326d1d60

SHA256
522bd141fdd17796d756cca2acc6391d07871dfcb64ed00dafe3687d7c3dec15

SHA512
0a54c769afae2705d7ab5a08f6ee0304bfd453877b2786c2232f7a79f3861a9fbf0e44927cc185762d45db78dce11658696627c4d2e1ab1256293ae6621e4612

Download Submit
C:\Windows\Temp\tmp38BC\PMView.dat

Filesize
29B

MD5
d43b50a5a419bd1bd1341aa1874ab7f1

SHA1
1b81e470b4eb81ede75262e6f0cb8dd280dfdd6d

SHA256
e09821163f1a10cd2fd848913bd762b16e829a3bd3c48dfe408da34e7dc52dbc

SHA512
fa078dc767ae810350dfd5c05c1185b37814b9c14c3498d438aec995f644c1a6d7a3c3fa8fd987405bd5a7833900ed57d8082adbe05afe903590eb8df788c7e9

Download Submit
C:\Windows\Temp\tmp38BC\docu0180.THM

Filesize
1KB

MD5
dd43856dab8839792ef680d8890e8400

SHA1
ef3daba2c714552171459243db2c2467d675057e

SHA256
63ee8650fae57847344a51c5b96a2414001a4556e49f0b17373fe6da427e4527

SHA512
4090bf90b2b01f4eb6d68f61ac58f58ac57ed13713bae00ecee41557a25e334c5fc5a786b4551b35841dab28bafe779df3972e1b03ba1a7a7ae75f083834130e

Download Submit
C:\Windows\Temp\tmp38BC\docu0180.TIF

Filesize
17KB

MD5
3a786d810ef62df33d0c4254427568cb

SHA1
c0976d6d1de21f3e9a30c4365ac8f889ce261865

SHA256
b4e0a6b6df1b3c3c0baaea2f32f2c11aebfa562b0ab9deb6629cd941a9f3c615

SHA512
bd4ccfa83f727dcfe2045323b5ea35c8983705618962ed8a6815f0fdd6c7e9475885854c812b4a862e94dd8fff68658afb0ee25ac565dd28aa8d07d07ff489ae

Download Submit
\Windows\Temp\tmp38BC\PMVIEW.EXE

Filesize
8KB

MD5
3ee0df73232446209563a362531668c2

SHA1
d10b85776851a356bc5be1e5716a03c0f0669c5e

SHA256
28ae961a3ccfbc8d5ff206a274c22adcb1714a4a7765e1b29f7905c1fa2f3d79

SHA512
fcd3ca1a356d1c92c4307703433af943a90b94ad46c7c992d66f2c445d96c7c988375c472cfd1f8f43634554920045838c13852d8373330a753e454d7f821dcf

Download Submit
\Windows\Temp\tmp38BC\PMVIEW.EXE

Filesize
14KB

MD5
343551816eef2964b5c5093ace193e12

SHA1
e7aab5d6c1530ab105d0c801c46f63fa4f7ae437

SHA256
539bf89f058a9d987f2e4f2d16b24a2f7f611959e753f779b605246b4c016a7f

SHA512
8c425f78ac917cfdf6bf8c7c37fd3f1862ce9bfaf7407a69d8ae5ff2ed496cfda824f82ae733fe7f9493557b449ba8b20517c0d5a0a63cbd136fcd36ec4cc1de

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads