Overview

overview

7

Static

static

3

651a4e3369...23.exe

windows7-x64

7

651a4e3369...23.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 09:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    651a4e3369f29c137140458c143a4a23.exe

  • Size

    1.8MB

  • MD5

    651a4e3369f29c137140458c143a4a23

  • SHA1

    133559632a551a7223f17205a660119f9e771384

  • SHA256

    cf223bfa764f93e00c8716e09c5594e5102e12254001d778f04c07109a5e237c

  • SHA512

    36e7337769d8451f9648f572842e30b3586db0ee2fe9b272810209676cc890eb256d82a45c6b43994f22f17294bc1041c7ac3e05236f2ad8277c2be6c5109071

  • SSDEEP

    24576:0h4XStU4gf2EW5A2DJr/kS4vGIk6v3HffvXlxfwx8nuSaHxkoISY57RbTihj4rER:0h+h43Dp/wPHHvXlaJSkx1k7hiOaEGD1

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\651a4e3369f29c137140458c143a4a23.exe
    "C:\Users\Admin\AppData\Local\Temp\651a4e3369f29c137140458c143a4a23.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:1332

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\xp corona.ini
          Filesize

          13KB

          MD5

          a152624b37f76f785f5ac7e54c91b745

          SHA1

          c9df1dd86414df7f704c0e88259cc31ea1f261a0

          SHA256

          fa6d97c81e2d5d16b68e5e043398d202a7f08753be1537d4627a70df2e14c499

          SHA512

          9e6fcc306cdb07f4e48a7dbd2bb5ef4d950ade97c9b8cc0d5bb7b2d82656e1f2d186f5b5cbec650eb2bbe423b1c4a9683d239d5a7fd869fb700e7cccbce32a09

          Download Submit

        • \Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr
          Filesize

          98KB

          MD5

          86be3b1d467afdfc0ea183ddb1491672

          SHA1

          65224081d8dfa3c305556a6c6f5afc5a14ef0f68

          SHA256

          eabaf04adb20de5a71c17b59921719989f2d3ce14801b893f9e6a240de3bc6c7

          SHA512

          8aa8fe708665f29cd2e20039b2dd607dc17d4397cc3dfe0008e466a424949ebf2d589dccf253016b7f42357869aa58ada3ebdcbc38a15d8df43f2ec013385ee9

          Download Submit

        • \Users\Admin\AppData\Local\Temp\E_N4\xplib.fne
          Filesize

          48KB

          MD5

          37a58e1c5ce48e401ee8dd1d1da54814

          SHA1

          a87d00d78838c2d968b72330ee6f21f69b2caae5

          SHA256

          1c426928fb90bedb31fcffa0f3fbe7bdbca4259f93f5abdefed6a9a089f2982c

          SHA512

          e85052fc305040bdcaf47262e0ce6eef0848b319baac72a076dc94e7d20ea7ad8fbdd7d5381606a3154ab84fe81429bb339123ac1cd94551b1dc9cecfb7a08bf

          Download Submit

        • memory/1332-0-0x0000000000400000-0x0000000000501000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/1332-8-0x0000000001E70000-0x0000000001EF6000-memory.dmp

          Filesize

          536KB

          Download

        • memory/1332-376-0x00000000024A0000-0x00000000024AD000-memory.dmp

          Filesize

          52KB

          Download

        • memory/1332-378-0x00000000002A0000-0x00000000002A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1332-379-0x0000000001E70000-0x0000000001EF6000-memory.dmp

          Filesize

          536KB

          Download

        • memory/1332-381-0x0000000000400000-0x0000000000501000-memory.dmp

          Filesize

          1.0MB

          Download