dd053a01e851c748806336f6b9a7a5a01cc70a5df6af0f11ab581b5234e617fd

Analysis

max time kernel
154s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 15:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78ba729c319500d4ab08b31bf056dba5.exe
Size

2.2MB
MD5

78ba729c319500d4ab08b31bf056dba5
SHA1

670f23244940054f64556ba78102c13af08c3161
SHA256

dd053a01e851c748806336f6b9a7a5a01cc70a5df6af0f11ab581b5234e617fd
SHA512

deb9e5f320828190919af0c126bdc8b80e3862c889701877c473a78b38eaa6d4dd587f9c4280f830e6f103abdba540793b11e5f6fef75a905b8c25cb6c28a6c2
SSDEEP

49152:5JUwM7O85GsIPANnMHrS9q2+OEn7tiNNusm4J67VGImpiminyYN:w3dtIiAri+OcKA4aVjt5N

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1988	svchost.exe

Loads dropped DLL 2 IoCs

pid	Process
2280	78ba729c319500d4ab08b31bf056dba5.exe
2280	78ba729c319500d4ab08b31bf056dba5.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2280	78ba729c319500d4ab08b31bf056dba5.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2280	78ba729c319500d4ab08b31bf056dba5.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2280	78ba729c319500d4ab08b31bf056dba5.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2280	78ba729c319500d4ab08b31bf056dba5.exe
2280	78ba729c319500d4ab08b31bf056dba5.exe
2280	78ba729c319500d4ab08b31bf056dba5.exe
2280	78ba729c319500d4ab08b31bf056dba5.exe
2280	78ba729c319500d4ab08b31bf056dba5.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 1988	2280	78ba729c319500d4ab08b31bf056dba5.exe	30
PID 2280 wrote to memory of 1988	2280	78ba729c319500d4ab08b31bf056dba5.exe	30
PID 2280 wrote to memory of 1988	2280	78ba729c319500d4ab08b31bf056dba5.exe	30
PID 2280 wrote to memory of 1988	2280	78ba729c319500d4ab08b31bf056dba5.exe	30

C:\Users\Admin\AppData\Local\Temp\78ba729c319500d4ab08b31bf056dba5.exe
"C:\Users\Admin\AppData\Local\Temp\78ba729c319500d4ab08b31bf056dba5.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Users\Admin\AppData\Roaming\Thinstall\LTD2007_English_Yiddish\1000000800002i\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalService
  2⤵
  - Executes dropped EXE
  PID:1988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Thinstall\LTD2007_English_Yiddish\%ProgramFilesDir%\LingvoSoft\LTD2007_English_Yiddish\LD2007.exe

Filesize
1.5MB

MD5
042579ad9d6a790b68ab634aa14fbbc5

SHA1
cb8c0284a0aa2c60121507e5f5c60741a146e6e3

SHA256
97dccec0708d9f89ec08502d56414e46363a5d4aac588079d3faa867007ff7ba

SHA512
c9a858d5c4d0a6855d5a7e0c6853036d9f3ccb357b44c0414dae824b22678b7d516a1c1427510bf8725277e4b1915b2917fd7a5ea788366b3a6155efaaf8ae42

Download Submit
C:\Users\Admin\AppData\Roaming\Thinstall\LTD2007_English_Yiddish\1000000800002i\svchost.exe

Filesize
33KB

MD5
213dc0fc57e7594c0936a561229277d7

SHA1
2b6138fb222e291ee162eb512c70645896dc3b76

SHA256
2e160fc0a84fe613d89f4cb717cc5d7228829b08d0a817ecf2ff9c90dab4811a

SHA512
e72c565b530c2c8f2e0a542f07bf67ad5d5d4f4d9cd2bb19797a307bc28636f08e7e4263fe257f5491d0aaeda0dca74f6c9c039f6c021ff8241c0522565d7fbf

Download Submit
memory/1988-86-0x0000000077060000-0x0000000077065000-memory.dmp

Filesize
20KB

Download
memory/1988-65-0x0000000000740000-0x0000000000866000-memory.dmp

Filesize
1.1MB

Download
memory/1988-85-0x0000000075080000-0x00000000750D7000-memory.dmp

Filesize
348KB

Download
memory/1988-87-0x0000000076690000-0x00000000767A0000-memory.dmp

Filesize
1.1MB

Download
memory/1988-84-0x0000000075200000-0x0000000075E4A000-memory.dmp

Filesize
12.3MB

Download
memory/1988-63-0x0000000000740000-0x0000000000866000-memory.dmp

Filesize
1.1MB

Download
memory/1988-66-0x0000000001000000-0x000000000100A000-memory.dmp

Filesize
40KB

Download
memory/1988-71-0x0000000000740000-0x0000000000866000-memory.dmp

Filesize
1.1MB

Download
memory/1988-72-0x0000000000740000-0x0000000000866000-memory.dmp

Filesize
1.1MB

Download
memory/1988-76-0x0000000076690000-0x00000000767A0000-memory.dmp

Filesize
1.1MB

Download
memory/1988-78-0x00000000767A0000-0x00000000768FC000-memory.dmp

Filesize
1.4MB

Download
memory/1988-81-0x0000000076540000-0x00000000765E0000-memory.dmp

Filesize
640KB

Download
memory/1988-82-0x00000000767A0000-0x00000000768FC000-memory.dmp

Filesize
1.4MB

Download
memory/1988-83-0x0000000074E60000-0x0000000074E69000-memory.dmp

Filesize
36KB

Download
memory/1988-79-0x0000000001000000-0x000000000100A000-memory.dmp

Filesize
40KB

Download
memory/1988-67-0x0000000000740000-0x0000000000866000-memory.dmp

Filesize
1.1MB

Download
memory/1988-70-0x0000000000740000-0x0000000000866000-memory.dmp

Filesize
1.1MB

Download
memory/1988-69-0x0000000000740000-0x0000000000866000-memory.dmp

Filesize
1.1MB

Download
memory/1988-77-0x000000007EFA0000-0x000000007EFA4000-memory.dmp

Filesize
16KB

Download
memory/1988-68-0x0000000000740000-0x0000000000866000-memory.dmp

Filesize
1.1MB

Download
memory/2280-31-0x0000000074AD0000-0x0000000074C6E000-memory.dmp

Filesize
1.6MB

Download
memory/2280-7-0x0000000001D80000-0x0000000001EA6000-memory.dmp

Filesize
1.1MB

Download
memory/2280-48-0x0000000001D80000-0x0000000001EA6000-memory.dmp

Filesize
1.1MB

Download
memory/2280-62-0x00000000047D0000-0x00000000047DA000-memory.dmp

Filesize
40KB

Download
memory/2280-3-0x0000000000400000-0x000000000057A000-memory.dmp

Filesize
1.5MB

Download
memory/2280-64-0x00000000047D0000-0x00000000047DA000-memory.dmp

Filesize
40KB

Download
memory/2280-41-0x0000000001D80000-0x0000000001EA6000-memory.dmp

Filesize
1.1MB

Download
memory/2280-34-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download
memory/2280-4-0x0000000001D80000-0x0000000001EA6000-memory.dmp

Filesize
1.1MB

Download
memory/2280-32-0x0000000003290000-0x0000000003321000-memory.dmp

Filesize
580KB

Download
memory/2280-35-0x0000000001D80000-0x0000000001EA6000-memory.dmp

Filesize
1.1MB

Download
memory/2280-26-0x00000000767A0000-0x00000000768FC000-memory.dmp

Filesize
1.4MB

Download
memory/2280-25-0x0000000076540000-0x00000000765E0000-memory.dmp

Filesize
640KB

Download
memory/2280-21-0x0000000000400000-0x000000000057A000-memory.dmp

Filesize
1.5MB

Download
memory/2280-20-0x0000000000400000-0x000000000057A000-memory.dmp

Filesize
1.5MB

Download
memory/2280-19-0x000000007EFA0000-0x000000007EFA4000-memory.dmp

Filesize
16KB

Download
memory/2280-18-0x0000000076690000-0x00000000767A0000-memory.dmp

Filesize
1.1MB

Download
memory/2280-17-0x0000000001D80000-0x0000000001EA6000-memory.dmp

Filesize
1.1MB

Download
memory/2280-10-0x0000000001D80000-0x0000000001EA6000-memory.dmp

Filesize
1.1MB

Download
memory/2280-42-0x0000000001D80000-0x0000000001EA6000-memory.dmp

Filesize
1.1MB

Download
memory/2280-8-0x0000000001D80000-0x0000000001EA6000-memory.dmp

Filesize
1.1MB

Download
memory/2280-0-0x0000000001D80000-0x0000000001EA6000-memory.dmp

Filesize
1.1MB

Download
memory/2280-6-0x0000000001D80000-0x0000000001EA6000-memory.dmp

Filesize
1.1MB

Download
memory/2280-1-0x0000000001D80000-0x0000000001EA6000-memory.dmp

Filesize
1.1MB

Download
memory/2280-2-0x0000000001D80000-0x0000000001EA6000-memory.dmp

Filesize
1.1MB

Download
memory/2280-5-0x0000000001D80000-0x0000000001EA6000-memory.dmp

Filesize
1.1MB

Download
memory/2280-88-0x0000000000400000-0x000000000057A000-memory.dmp

Filesize
1.5MB

Download
memory/2280-92-0x0000000074E60000-0x0000000074E69000-memory.dmp

Filesize
36KB

Download
memory/2280-95-0x0000000077060000-0x0000000077065000-memory.dmp

Filesize
20KB

Download
memory/2280-94-0x0000000075080000-0x00000000750D7000-memory.dmp

Filesize
348KB

Download
memory/2280-93-0x0000000075200000-0x0000000075E4A000-memory.dmp

Filesize
12.3MB

Download
memory/2280-91-0x00000000767A0000-0x00000000768FC000-memory.dmp

Filesize
1.4MB

Download
memory/2280-90-0x0000000076540000-0x00000000765E0000-memory.dmp

Filesize
640KB

Download
memory/2280-97-0x0000000074AD0000-0x0000000074C6E000-memory.dmp

Filesize
1.6MB

Download
memory/2280-96-0x0000000074FF0000-0x000000007506B000-memory.dmp

Filesize
492KB

Download
memory/2280-99-0x0000000000400000-0x000000000057A000-memory.dmp

Filesize
1.5MB

Download
memory/2280-109-0x0000000076690000-0x00000000767A0000-memory.dmp

Filesize
1.1MB

Download
memory/2280-110-0x000000007EFA0000-0x000000007EFA4000-memory.dmp

Filesize
16KB

Download