75b7715602f55960885cc6a4d7ba4e09086101aa395b25adce762c46a6a8404a

Analysis

max time kernel
156s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 04:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e9aa822a0dd812be4a362d2f0f52474.exe
Size

5.7MB
MD5

0e9aa822a0dd812be4a362d2f0f52474
SHA1

ce5eddd0d1f816eeef9ad9410344a7a180f76e0b
SHA256

75b7715602f55960885cc6a4d7ba4e09086101aa395b25adce762c46a6a8404a
SHA512

60a8a339cd932fc9fd3b99dc2333c3f25f5ee7ae91ef57c733102e842aba46afd4cafbed5375651e00d8bdfcdca37f5a22ed3745694557c60a59ca5853063c73
SSDEEP

49152:EQFRHrmQG+yrwrTyRpL5rmQG+yo+2mQG+y2rwrTyRpL5rmQG+yo+2mQG+k+yrwrq:EcKO/t/h

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3580	gjk.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3580	gjk.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3580	gjk.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3580	gjk.exe
3580	gjk.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3984 wrote to memory of 3580	3984	0e9aa822a0dd812be4a362d2f0f52474.exe	92
PID 3984 wrote to memory of 3580	3984	0e9aa822a0dd812be4a362d2f0f52474.exe	92
PID 3984 wrote to memory of 3580	3984	0e9aa822a0dd812be4a362d2f0f52474.exe	92

C:\Users\Admin\AppData\Local\Temp\0e9aa822a0dd812be4a362d2f0f52474.exe
"C:\Users\Admin\AppData\Local\Temp\0e9aa822a0dd812be4a362d2f0f52474.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3984
- C:\Users\Admin\AppData\Local\Temp\gjk.exe
  C:\Users\Admin\AppData\Local\Temp\gjk.exe -run C:\Users\Admin\AppData\Local\Temp\0e9aa822a0dd812be4a362d2f0f52474.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gjk.exe

Filesize
6.4MB

MD5
bafc3bb677776e54f1c9cbc20c34d609

SHA1
121b71e42c02904781c1d3b3782a4761fb61701f

SHA256
e0d7004b16bcb58bfa620555eb959d8b640fdb8cc2564b2b63256153b265ab0d

SHA512
c2d24837f65139ee84d9c934fe511639499e6a20ba244fc27c4273fe14e160f7249bc3d4da6dc46ea8e46d8bb94b5397ccf7438f2acb0e469e71663d3448a424

Download Submit
memory/3580-74-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/3580-77-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/3580-89-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/3580-94-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/3984-35-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-13-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/3984-2-0x0000000002300000-0x0000000002350000-memory.dmp

Filesize
320KB

Download
memory/3984-3-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/3984-4-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/3984-5-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/3984-6-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/3984-36-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-8-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/3984-10-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3984-12-0x0000000002DA0000-0x0000000002DA2000-memory.dmp

Filesize
8KB

Download
memory/3984-11-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/3984-9-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/3984-33-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-14-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/3984-20-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/3984-26-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/3984-17-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/3984-25-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/3984-28-0x0000000002D90000-0x0000000002D96000-memory.dmp

Filesize
24KB

Download
memory/3984-24-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/3984-23-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/3984-22-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/3984-21-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/3984-19-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/3984-29-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-18-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/3984-31-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-32-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-30-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-34-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/3984-7-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/3984-1-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/3984-27-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/3984-16-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/3984-15-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/3984-39-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-38-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-37-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-40-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-64-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/3984-63-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/3984-62-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

Filesize
4KB

Download
memory/3984-61-0x00000000006F0000-0x00000000006F1000-memory.dmp

Filesize
4KB

Download
memory/3984-60-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/3984-59-0x0000000002E50000-0x0000000002E51000-memory.dmp

Filesize
4KB

Download
memory/3984-58-0x0000000002E40000-0x0000000002E41000-memory.dmp

Filesize
4KB

Download
memory/3984-57-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/3984-56-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-55-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-54-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-53-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-52-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-51-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-50-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-49-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-48-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-47-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-46-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-45-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-44-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-43-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-42-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-41-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3984-67-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/3984-71-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download