Analysis

  • max time kernel
    145s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/12/2023, 09:51

General

  • Target

    651a4e3369f29c137140458c143a4a23.exe

  • Size

    1.8MB

  • MD5

    651a4e3369f29c137140458c143a4a23

  • SHA1

    133559632a551a7223f17205a660119f9e771384

  • SHA256

    cf223bfa764f93e00c8716e09c5594e5102e12254001d778f04c07109a5e237c

  • SHA512

    36e7337769d8451f9648f572842e30b3586db0ee2fe9b272810209676cc890eb256d82a45c6b43994f22f17294bc1041c7ac3e05236f2ad8277c2be6c5109071

  • SSDEEP

    24576:0h4XStU4gf2EW5A2DJr/kS4vGIk6v3HffvXlxfwx8nuSaHxkoISY57RbTihj4rER:0h+h43Dp/wPHHvXlaJSkx1k7hiOaEGD1

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\651a4e3369f29c137140458c143a4a23.exe
    "C:\Users\Admin\AppData\Local\Temp\651a4e3369f29c137140458c143a4a23.exe"
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:2252

Network


        Downloads

        • C:\Users\Admin\AppData\Local\Temp\E_N4\eSkin.fne
          Filesize
            514KB
          MD5
            b86f61a424bd07b097a3921907acb229
          SHA1
            3270c851bee7f70e85421784979e3c2b7811c10c
          SHA256
            e067da819c50095332e4bbb4fc6d63fb6ad6ee801d0a92d751c38044c4387530
          SHA512
            9b7355e2c711a14aa92fb5bff0ef528ce933a74bcf9a5d3ca37fd3350c2010b2548e1b48eb7648efeb00db3deb4e5e2f36745c2d690853eb1a6234f530cd216a

        • C:\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr
          Filesize
            1.1MB
          MD5
            cf46bb62a1ba559ceb0fad7a5d642f28
          SHA1
            80b63dd193e84bfacbe535587dd38471b8ea2c24
          SHA256
            fe4bba1a99b332c8bbd196d3a2f3c78d9edc8f212842ff2efef17eba38427f67
          SHA512
            1f71f31fdc1ef7695d7a6e79218a9192804178bb2af80486de4f8ff3d7e176860813a61fa265bf78fe4ff722a85b72798938d715d8a2a034ac759505197a1058

        • C:\Users\Admin\AppData\Local\Temp\E_N4\xplib.fne
          Filesize
            48KB
          MD5
            37a58e1c5ce48e401ee8dd1d1da54814
          SHA1
            a87d00d78838c2d968b72330ee6f21f69b2caae5
          SHA256
            1c426928fb90bedb31fcffa0f3fbe7bdbca4259f93f5abdefed6a9a089f2982c
          SHA512
            e85052fc305040bdcaf47262e0ce6eef0848b319baac72a076dc94e7d20ea7ad8fbdd7d5381606a3154ab84fe81429bb339123ac1cd94551b1dc9cecfb7a08bf

        • C:\Users\Admin\AppData\Local\Temp\xp corona.ini
          Filesize
            13KB
          MD5
            a152624b37f76f785f5ac7e54c91b745
          SHA1
            c9df1dd86414df7f704c0e88259cc31ea1f261a0
          SHA256
            fa6d97c81e2d5d16b68e5e043398d202a7f08753be1537d4627a70df2e14c499
          SHA512
            9e6fcc306cdb07f4e48a7dbd2bb5ef4d950ade97c9b8cc0d5bb7b2d82656e1f2d186f5b5cbec650eb2bbe423b1c4a9683d239d5a7fd869fb700e7cccbce32a09

        • memory/2252-0-0x0000000000400000-0x0000000000501000-memory.dmp
          Filesize
            1.0MB

        • memory/2252-11-0x0000000002570000-0x00000000025F6000-memory.dmp
          Filesize
            536KB

        • memory/2252-382-0x00000000031B0000-0x00000000031BD000-memory.dmp
          Filesize
            52KB

        • memory/2252-385-0x0000000002240000-0x0000000002241000-memory.dmp
          Filesize
            4KB

        • memory/2252-386-0x0000000002570000-0x00000000025F6000-memory.dmp
          Filesize
            536KB

        • memory/2252-388-0x0000000000400000-0x0000000000501000-memory.dmp
          Filesize
            1.0MB

        • memory/2252-389-0x0000000002570000-0x00000000025F6000-memory.dmp
          Filesize
            536KB