91d20a0a79940fd30bb97b5dd3740dd78ab1a46251bba969e5e5fc30eed0bb30

General

Target

1fe88abfdb44a33eb0fedf7488aa160e.exe
Size

826KB
MD5

1fe88abfdb44a33eb0fedf7488aa160e
SHA1

3bc9ba7fa565f8c2e6a881e2b12cd86fe81f220a
SHA256

91d20a0a79940fd30bb97b5dd3740dd78ab1a46251bba969e5e5fc30eed0bb30
SHA512

a054d12f01e58adfe4d4e7ed498154887977ba467f3589438fdd3f56249946953d2204ba4814b50f3eb6a3466843d38f8517988392fbce0ed408448f56a293a6
SSDEEP

12288:LvjnBwaY9SE23XlL0nNUJVdKVS7MAD1lv+fkbDH:L7nccEuXwNUhMAD1N+fkHH

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1684	msglang.exe

Executes dropped EXE 2 IoCs

pid	Process
1684	msglang.exe
1972	msglang.exe

Loads dropped DLL 4 IoCs

pid	Process
1992	1fe88abfdb44a33eb0fedf7488aa160e.exe
1992	1fe88abfdb44a33eb0fedf7488aa160e.exe
1992	1fe88abfdb44a33eb0fedf7488aa160e.exe
1992	1fe88abfdb44a33eb0fedf7488aa160e.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\messenger\hu243576h	1fe88abfdb44a33eb0fedf7488aa160e.exe
File opened for modification	\??\c:\program files\messenger\msglang.exe	1fe88abfdb44a33eb0fedf7488aa160e.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 1972	1992	1fe88abfdb44a33eb0fedf7488aa160e.exe	27
PID 1992 wrote to memory of 1972	1992	1fe88abfdb44a33eb0fedf7488aa160e.exe	27
PID 1992 wrote to memory of 1972	1992	1fe88abfdb44a33eb0fedf7488aa160e.exe	27
PID 1992 wrote to memory of 1972	1992	1fe88abfdb44a33eb0fedf7488aa160e.exe	27
PID 1992 wrote to memory of 1684	1992	1fe88abfdb44a33eb0fedf7488aa160e.exe	28
PID 1992 wrote to memory of 1684	1992	1fe88abfdb44a33eb0fedf7488aa160e.exe	28
PID 1992 wrote to memory of 1684	1992	1fe88abfdb44a33eb0fedf7488aa160e.exe	28
PID 1992 wrote to memory of 1684	1992	1fe88abfdb44a33eb0fedf7488aa160e.exe	28

C:\Users\Admin\AppData\Local\Temp\1fe88abfdb44a33eb0fedf7488aa160e.exe
"C:\Users\Admin\AppData\Local\Temp\1fe88abfdb44a33eb0fedf7488aa160e.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1992
- \??\c:\program files\messenger\msglang.exe
  "c:\program files\messenger\msglang.exe"
  2⤵
  - Executes dropped EXE
  PID:1972
- \??\c:\program files\messenger\msglang.exe
  "c:\program files\messenger\msglang.exe" C:\Users\Admin\AppData\Local\Temp\1fe88abfdb44a33eb0fedf7488aa160e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\messenger\msglang.exe

Filesize
2.2MB

MD5
16e43d1c9c1e92d1ee968d459fef48a3

SHA1
7b657b7dabb8578501e42bc7cd357cf5c61c35b5

SHA256
53b00097180c27728f6c4adb7ad0378e0183c140ac3b86f57a9cc5c426a66a78

SHA512
a77e620c49720572b945c6fd2d4ae7673127a72a839c71502958925d03386349a5b30e1f5430557b564315140666c06d149286e9321779f980600ff3013e9151

Download Submit
C:\Program Files\messenger\msglang.exe

Filesize
2.4MB

MD5
85e52ee6a12f1bf08dc25c5a4ef215c8

SHA1
7936a31fc7b734c396536ff463e4a6c63f6097a3

SHA256
9918a53f59acc69417a4905743add43560113c09e134f4704bae9e7a721aac4b

SHA512
53c99fb051f2d93fcae0f664dce46aa526878a78989b0147a387203c2351778caedbf5d352adce46e1ce4cafc481bdad350bd7c1ef4e684823ea4926d11db20f

Download Submit
C:\Program Files\messenger\msglang.exe

Filesize
3.9MB

MD5
d028c28409b9885285de76e65dcc4ad6

SHA1
83a81410ffe9387fc80586e343512f12c35e4cb7

SHA256
160df6da8b8b7971315102a67a14c61bd5601ae076b54b2f87a92095e5f2ac60

SHA512
17873518cdcff0e24f1e18ffb078bca30af1c73943894dfb4c650037c0ec5717f4d60969dad984826b0c105f4c26e8ebaf5bd4b713d0721db351cdbcf2ba2dc0

Download Submit
\??\c:\program files\messenger\msglang.exe

Filesize
4.2MB

MD5
95f376734e4b422ccae95674c0bb3a62

SHA1
401eed2d69fba1347fa9ff5823c4dd65b04c0f43

SHA256
e8d196c3c78ddf0025674533d51eb21a4997e29c6c4da2925aafa6039b5cff59

SHA512
cb31ce8c02d1a4b1d135003e2bdc37eb82c62f4271e127b5b0192c61d728769f008438d619d9911ca1703acf9ec93e40204ad55b1ab540d0099cae113d454131

Download Submit
\Program Files\messenger\msglang.exe

Filesize
4.8MB

MD5
a2112451d73fd9c95dd9ed448ce6b65b

SHA1
6bdcae5b37678a7eeabecbee36d6559f691ca256

SHA256
0c7df27a147906af5a31c389ed167642886ab1660553b5104a4fb09b62b4e4e1

SHA512
49555e58ac596613725cc8b9b0d87a2dc4be3b41f7eb97708c01006d3a556f16ece72b9b3849a5aa6be1e8e0ea0dd3a5d8c76d52b6c3b289046cf45e71e30ae1

Download Submit
\Program Files\messenger\msglang.exe

Filesize
3.2MB

MD5
e6867148b0e10196f7773e0297b3f779

SHA1
a901b26381ef640c856ee51952362219611b6668

SHA256
cea8e1bbea6cfa5a1d86e164858e32107dbfb1b8580aea97943734e0103edfa7

SHA512
3d04af495727956cad50557e74a8352797ca06a00298d44cc54e4b1e3b878672b6d19ac7076e288f9c08648b2681ddfd096647872ea92983a31c423203cd05ce

Download Submit
\Program Files\messenger\msglang.exe

Filesize
4.4MB

MD5
0d1373409d0d665597f435e062e96247

SHA1
4213b573e9c3719236ee04005485a3200b38df07

SHA256
54362c9abc09067a4e88e13bedbb855b28370514f5ae89b9603fd5a40d447dfa

SHA512
9c9bd1824afcf5931dacb59d10241e5781da5c4928991dc4e407ec9518cd93cfa352571ae2ca19e412be53b6552e965fc0af0e905d01c11a8bb240f8435b6c32

Download Submit
\Program Files\messenger\msglang.exe

Filesize
3.1MB

MD5
2c5e0c8a50522bcacfa9b902155df56a

SHA1
2d8489536c7d511c4d462597f04fe0ed4396315f

SHA256
d0ea347098080c97bb7ed0abbf3fa2d0b42aa1f12e903d64daec31cb9224a050

SHA512
0d091cfdfd671f80eea88099ec28c280c2c60fddf12b7f178f43ea21dfecc334837bdb0525d112ac524ba2c9a842d45ead3b1ca1e4f162d3e516430057d1d158

Download Submit
memory/1684-36-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1684-39-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1992-34-0x0000000000020000-0x000000000002A000-memory.dmp

Filesize
40KB

Download
memory/1992-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1992-22-0x0000000000020000-0x000000000002A000-memory.dmp

Filesize
40KB

Download
memory/1992-18-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads