Overview

overview

7

Static

static

3

106610232a...f2.exe

windows7-x64

7

106610232a...f2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 05:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    106610232a6c094912b27dd1383e31f2.exe

  • Size

    294KB

  • MD5

    106610232a6c094912b27dd1383e31f2

  • SHA1

    0e2c699cc2326f7dab1c534b8ce496cdbe46dd06

  • SHA256

    232c7166552282895881433a8948cbfc1d7798629db39ce014a8d36c2353e427

  • SHA512

    b9fcdebb1a11baa09eab99399f19b87924148661636ab58e4314d37747cbc05bc413171acf603289bd1347f5e482357b5fd6c3866a10123662cd7b5530a856ea

  • SSDEEP

    6144:kzG8n6K2nWfZQKIG6bYDXVI7sYpWnZA+/FpxdhJ:g1IIZybYLy7zAlNdX

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\106610232a6c094912b27dd1383e31f2.exe
    "C:\Users\Admin\AppData\Local\Temp\106610232a6c094912b27dd1383e31f2.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4812
    • C:\Windows\lsass.exe
      C:\Windows\lsass.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4812-26-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download