5bd305861b70288635bf79e90639931c9e64883be86d3ef18a4853b8cf9abde8

Analysis

max time kernel
145s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 02:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4e57cd9bf7dda9b0314b56df99f7f0c9.exe
Size

1.3MB
MD5

4e57cd9bf7dda9b0314b56df99f7f0c9
SHA1

1034bad24db49d701a5d5c6ce36c4c922fdd5b76
SHA256

5bd305861b70288635bf79e90639931c9e64883be86d3ef18a4853b8cf9abde8
SHA512

e270d1de7d33449a6d67ed88e7e5c32dcc759ee33b66ac65f9719ae05e0d96f936f91b58e7035fbdc3aa3600ecac7cdf74e3d4e840fd2399b118c19468757a12
SSDEEP

12288:F2YZmiuluR/qGuGZqf0TphDOaNOFy5R4bO0k:F2YZmiucR/flphbOo5Rmk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4844	pmview.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2904	4e57cd9bf7dda9b0314b56df99f7f0c9.exe
2904	4e57cd9bf7dda9b0314b56df99f7f0c9.exe
4844	pmview.exe
4844	pmview.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 4844	2904	4e57cd9bf7dda9b0314b56df99f7f0c9.exe	20
PID 2904 wrote to memory of 4844	2904	4e57cd9bf7dda9b0314b56df99f7f0c9.exe	20
PID 2904 wrote to memory of 4844	2904	4e57cd9bf7dda9b0314b56df99f7f0c9.exe	20

C:\Users\Admin\AppData\Local\Temp\4e57cd9bf7dda9b0314b56df99f7f0c9.exe
"C:\Users\Admin\AppData\Local\Temp\4e57cd9bf7dda9b0314b56df99f7f0c9.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\TEMP\tmp46FC\pmview.exe
  pmview.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\TEMP\tmp46FC\pmview.exe

Filesize
18KB

MD5
cb2a7d63071099f138d2f1f022daaada

SHA1
472155a9056219691792b1c0a434a92d42d03c36

SHA256
3dd399c390ee92bb44a2cadf0a9ce12a696a131e4dfc913ea4777b574530b470

SHA512
9bb94ef08a122b33eabd22d1d6870912d8134147b363740818382f8366453add156e326c752824c6b9998aa250b6405555b8e7ec3ea05d12eccf2fc8d693afea

Download Submit
C:\Windows\Temp\tmp46FC\PMVIEW.EXE

Filesize
67KB

MD5
087ef2112fabf9ab13524e97cb3dfd2f

SHA1
88496dd8b11d42071edc62918d7a81988761ca13

SHA256
f8d6e245b9a0e8b9b8e106954291cf90d2fec7ba03705949e5048bf135407b21

SHA512
b690b60732e7847443a0e737c3df7a71a75388c0434ca1c35c22f8758ea3872fb666a0bc505e4d13fee6fad3a638456184ae9420bdb604a6d6e4150eb580945c

Download Submit
C:\Windows\Temp\tmp46FC\PMView.dat

Filesize
29B

MD5
d43b50a5a419bd1bd1341aa1874ab7f1

SHA1
1b81e470b4eb81ede75262e6f0cb8dd280dfdd6d

SHA256
e09821163f1a10cd2fd848913bd762b16e829a3bd3c48dfe408da34e7dc52dbc

SHA512
fa078dc767ae810350dfd5c05c1185b37814b9c14c3498d438aec995f644c1a6d7a3c3fa8fd987405bd5a7833900ed57d8082adbe05afe903590eb8df788c7e9

Download Submit
C:\Windows\Temp\tmp46FC\docu0180.THM

Filesize
5KB

MD5
3d2a116312b54e03c28bfd26dc48bccb

SHA1
7b1eda08299ef4ad2e3c0c5d4caafd1d9c887aa2

SHA256
737495e1e13b2d04f36875177b9d40bb7a981d20bf302d8f194ec5217b2e477f

SHA512
786a23844cb5da6801b9e2d2fc5fde6bf15a996985abb0d1d35dd84a1e232d786cfcb60af6d533f41e49a2eb8ac99ec1992e7d8c7e8fac24299b156968be151a

Download Submit
C:\Windows\Temp\tmp46FC\docu0180.TIF

Filesize
9KB

MD5
f79f07c88f198eb8bef020d8da015565

SHA1
de42c50bfd3bbbc915507882a45464af9dd302d6

SHA256
8044295ee95385cf8651e0f54488f697db3ac5967ea7f31de99b4239385d01bc

SHA512
820c7913b23f2f815664c19099e8e3f9a9b2d8d36a1ee5fa33a43d78cfd7e16c560e9799cc2e9dc41e897737c53a8e857b4218a08dd5514415f44a467c52300a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads