Overview

overview

7

Static

static

3

5b178db698...24.exe

windows7-x64

7

5b178db698...24.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    7s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26-12-2023 06:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b178db6988f2b6007394039e2ea1624.exe

  • Size

    1.6MB

  • MD5

    5b178db6988f2b6007394039e2ea1624

  • SHA1

    3c76f4a7c76636f1890a43841fc032078a051b1e

  • SHA256

    cff236e006b5a0887f6f377996d7316d474020b1384f940bb67c44e6536d28df

  • SHA512

    09f34067d022ddc520ef08d5d6853d9e557c55cd59169b6c055a9cbcd706a723701a50b215d6f12db8ec185e78454fc9cdca26dcedb6b823a7a4697371b7f417

  • SSDEEP

    24576:ifzPI9aTqlH76rh7o4RPqX45VVWb+UqEpd45+xA:uzuOkb6JxbVs+BE85+xA

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cvspoll.exe
    C:\Users\Admin\AppData\Local\Temp\cvspoll.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetWindowsHookEx
    PID:2100
  • C:\Users\Admin\AppData\Local\Temp\5b178db6988f2b6007394039e2ea1624.exe
    "C:\Users\Admin\AppData\Local\Temp\5b178db6988f2b6007394039e2ea1624.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\cvspoll.exe
    Filesize

    92KB

    MD5

    5897da0641f71bf15b7bde03964af4e9

    SHA1

    b3d0ee1707ca8b9c764e510a134e0a943dcf7ac6

    SHA256

    8718e503ca6c381679a1aa129f88bb02150867c0094a133beed519d5706ba76c

    SHA512

    600e53943f53ced5fd2417484478e9682ce75d41c23761be0146ff22ffc8c7f803fd111ccee2fbe2fdc50482fecb67d15aa7df86e69d80afe31f2122ae1d186f

    Download Submit

  • memory/1620-9-0x0000000003060000-0x0000000003205000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1620-12-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1620-1-0x0000000052700000-0x00000000528A5000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1620-13-0x0000000052700000-0x00000000528A5000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1620-18-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2100-11-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2100-10-0x0000000052700000-0x00000000528A5000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2100-14-0x0000000052700000-0x00000000528A5000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2100-16-0x0000000052700000-0x00000000528A5000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2100-17-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download