14d18ccbf2c0f1e5d4c99c3e706e9f1a9a853d3ee720a9b600147448e22b1ecd

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 07:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d6883464307b25c817f9a36f97ca626.exe
Size

599KB
MD5

5d6883464307b25c817f9a36f97ca626
SHA1

c16077ddb69d3a570a86c5a41c5538267c17ff0f
SHA256

14d18ccbf2c0f1e5d4c99c3e706e9f1a9a853d3ee720a9b600147448e22b1ecd
SHA512

8d340a86a50443728c536fff4a2076c8d23433007f1f3f1ce658b326cf8381e01a982a65cce2f109cf5a9c0d42727bf960052f1eb2df6dc606f334aeb17837f3
SSDEEP

6144:XKWlw1Dx1TgzK7Yi06sCxVajmzx9S9HNBLlpY4Yi0flysVufBn597NX2F:X7lw1DxhgzaY5MxVaRPKxysgfBnnl2F

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2792	ocs_v8.exe

Loads dropped DLL 2 IoCs

pid	Process
1244	5d6883464307b25c817f9a36f97ca626.exe
1244	5d6883464307b25c817f9a36f97ca626.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1244	5d6883464307b25c817f9a36f97ca626.exe
2792	ocs_v8.exe
2792	ocs_v8.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 2792	1244	5d6883464307b25c817f9a36f97ca626.exe	28
PID 1244 wrote to memory of 2792	1244	5d6883464307b25c817f9a36f97ca626.exe	28
PID 1244 wrote to memory of 2792	1244	5d6883464307b25c817f9a36f97ca626.exe	28
PID 1244 wrote to memory of 2792	1244	5d6883464307b25c817f9a36f97ca626.exe	28

C:\Users\Admin\AppData\Local\Temp\5d6883464307b25c817f9a36f97ca626.exe
"C:\Users\Admin\AppData\Local\Temp\5d6883464307b25c817f9a36f97ca626.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v8.exe
  C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v8.exe -install -54474105 -chipde -02ea0a5f44e94a859e8d6c08d7989357 - -ChromeBundle -kwdvaprlpvitdxdj -459246
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\OCS\kwdvaprlpvitdxdj.dat

Filesize
83B

MD5
0a139d93ddc2a474772392e6f50ef6f5

SHA1
a301d3cd82496920f68a585d58862f38a5be67a4

SHA256
0246cfdf76a7c9bf986941df9d68a7dfbdbdd559881e3bb24c9683d2a132e7f0

SHA512
13187b2a7a6ed25b545fc0a53692502f402f1f643867615be3111e4f9f88ee8e0823462e1b1e123a6507bb75d20a13247eab01e0177aa53d0d8f0c35d46fbace

Download Submit
\Users\Admin\AppData\Local\Temp\OCS\ocs_v8.exe

Filesize
288KB

MD5
f1ac19e315094f6cd302aaa8d47a1890

SHA1
7fd3db54264a63c00b3b3894b8f9c76e86215068

SHA256
1629b563d90ab134bf38804f489724ed3c6047817ff673b82979444e84c99e9d

SHA512
dcdfae6c6568170cfda31f247a9c0a322d924164c79328cdc8e2334c1569436fae34d31e5b78755505529b1aac9cc83f7c7ea38f73eb6e08c076c5c9c9e7b11a

Download Submit
memory/2792-18-0x0000000000AD0000-0x0000000000B50000-memory.dmp

Filesize
512KB

Download
memory/2792-13-0x0000000000AD0000-0x0000000000B50000-memory.dmp

Filesize
512KB

Download
memory/2792-15-0x000007FEF6090000-0x000007FEF6A2D000-memory.dmp

Filesize
9.6MB

Download
memory/2792-16-0x0000000000AD0000-0x0000000000B50000-memory.dmp

Filesize
512KB

Download
memory/2792-12-0x000007FEF6090000-0x000007FEF6A2D000-memory.dmp

Filesize
9.6MB

Download
memory/2792-19-0x0000000000AD0000-0x0000000000B50000-memory.dmp

Filesize
512KB

Download
memory/2792-20-0x0000000000AD0000-0x0000000000B50000-memory.dmp

Filesize
512KB

Download
memory/2792-17-0x0000000000AD0000-0x0000000000B50000-memory.dmp

Filesize
512KB

Download
memory/2792-21-0x000007FEF6090000-0x000007FEF6A2D000-memory.dmp

Filesize
9.6MB

Download
memory/2792-22-0x0000000000AD0000-0x0000000000B50000-memory.dmp

Filesize
512KB

Download
memory/2792-23-0x000007FEF6090000-0x000007FEF6A2D000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads