19fc3a4be7f67e4b3327fa99e1eacc5f63ba44a2c6f8fa49ce67ebb16e507b64 | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 04:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

anexo.exe
Size

164KB
MD5

65a25bd18eef6da33510933439287f74
SHA1

aa9e4bfc22ab24873949f582b33bcc858450673e
SHA256

81c7d12c6494c6c8a80811c0938ffc102aef7a84d2638001b2c44edac62c05d1
SHA512

688685e926a880f3d4fc158e9c599b9415e0cbce86b1f34d3469c253242a63f5ab0325d2e7ca4c5780992b71864e0080c9730a4eb1b81cbe784c6689a6414caf
SSDEEP

3072:ef64sywp2Wh3O4eIg0xTGHcjEu+p08i5HyMX/89O5OKraBV:efpsywwf4vdjcTiZy4UlKg

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1660	anexo.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 3016	1660	anexo.exe	28
PID 1660 wrote to memory of 3016	1660	anexo.exe	28
PID 1660 wrote to memory of 3016	1660	anexo.exe	28
PID 1660 wrote to memory of 3016	1660	anexo.exe	28
PID 1660 wrote to memory of 3016	1660	anexo.exe	28
PID 1660 wrote to memory of 3016	1660	anexo.exe	28
PID 1660 wrote to memory of 3016	1660	anexo.exe	28

C:\Users\Admin\AppData\Local\Temp\anexo.exe
"C:\Users\Admin\AppData\Local\Temp\anexo.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Windows\SysWOW64\regsvr32.exe
  C:\Windows\system32\regsvr32.exe /s wusm3796.ocx
  2⤵
  PID:3016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads