Overview

overview

5

Static

static

3

f8f1c55205...de.exe

windows7-x64

5

f8f1c55205...de.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    28/12/2023, 21:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f8f1c5520568754dfd4fd4ba7d04b1de.exe

  • Size

    529KB

  • MD5

    f8f1c5520568754dfd4fd4ba7d04b1de

  • SHA1

    e8d3db144c9c32a8b3b0d272e4a791f6303a494e

  • SHA256

    009618c7a0587fbf7128e9c88a8294cbac716fa535fa24bb692aaa1c3c35d60c

  • SHA512

    7aab736d0c14205b559436ae34b0daffe18c4f639cfe6dda0d99c36ef173c5a6ef7f9462f88c8a3b1f27a321fbc0ed0dddc1d259810a27723fbad31e003888d4

  • SSDEEP

    6144:5y1goobRe69T5znZwjsJVU9P2riCJQUJmfRrXm6OMFZr01vDB6HKFZtT9gR4Wun8:tt9x6jsJ1XpoR7u5veKlTSq2M8

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f8f1c5520568754dfd4fd4ba7d04b1de.exe
    "C:\Users\Admin\AppData\Local\Temp\f8f1c5520568754dfd4fd4ba7d04b1de.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\Users\Admin\AppData\Local\Temp\f8f1c5520568754dfd4fd4ba7d04b1de.exe
      C:\Users\Admin\AppData\Local\Temp\f8f1c5520568754dfd4fd4ba7d04b1de.exe
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1524
      • C:\Users\Admin\AppData\Local\Temp\f8f1c5520568754dfd4fd4ba7d04b1de.exe
        3⤵
          PID:2184

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1524-2-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

      Download

    • memory/1524-4-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

      Download

    • memory/1524-17-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

      Download

    • memory/2184-11-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB

      Download

    • memory/2184-13-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2184-12-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB

      Download

    • memory/2184-9-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB

      Download

    • memory/2184-7-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB

      Download

    • memory/2184-15-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB

      Download

    • memory/2184-19-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB

      Download

    • memory/2184-20-0x0000000000400000-0x0000000000453000-memory.dmp

      Filesize

      332KB

      Download