Overview

overview

7

Static

static

3

1412c87987...4f.exe

windows7-x64

7

1412c87987...4f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 09:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1412c87987e9a68cc9e369c5f495e74f.exe

  • Size

    161KB

  • MD5

    1412c87987e9a68cc9e369c5f495e74f

  • SHA1

    f0030a0105fb721c27f86b477548d57faa939320

  • SHA256

    6088e30c50e8f72f7356d4d0fb5c145ee39ccbf901327ab724a51ca6f23dcd26

  • SHA512

    3691bd6833a6b8b694533d558459fc266bb5b429697de7b48070a5c4cbc181c2a647b0596ab6ea88fca1cfbaf1327313f08011d09e2275adeb4b2719ae119c0c

  • SSDEEP

    3072:5M/7gunqYbCpCFXmW3HEO2xF/WvUXROS7VZ4KchENoOh/t1yqY/KId:huqICpsWARbvUX/z4KchCtfyTKG

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1412c87987e9a68cc9e369c5f495e74f.exe
    "C:\Users\Admin\AppData\Local\Temp\1412c87987e9a68cc9e369c5f495e74f.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1392
    • \??\c:\windows\SysWOW64\tasklist32.exe
      c:\windows\system32\tasklist32.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2044
      • \??\c:\windows\SysWOW64\tasklist32.exe
        c:\windows\system32\tasklist32.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\tasklist32.exe
    Filesize

    93KB

    MD5

    39e3ed13ec5629cbc4f7389829a34a52

    SHA1

    0b9c593e4f5b5dd17d387089b562249cdc521292

    SHA256

    5eb5567cf8f8a98e898ea0afd1d094ac833dd23416ecd32e15cf24c4c1479fa4

    SHA512

    96d34a53f4703c48e29fdfd60da8d1bb9848bc3e8d35cc0e07c2c751c0c1262c9d14a848d4d76842cce52cc5ddba7af6bf08e0c0c44f35e295632ae631ef2fdb

    Download Submit

  • C:\Windows\SysWOW64\tasklist32.exe
    Filesize

    161KB

    MD5

    1412c87987e9a68cc9e369c5f495e74f

    SHA1

    f0030a0105fb721c27f86b477548d57faa939320

    SHA256

    6088e30c50e8f72f7356d4d0fb5c145ee39ccbf901327ab724a51ca6f23dcd26

    SHA512

    3691bd6833a6b8b694533d558459fc266bb5b429697de7b48070a5c4cbc181c2a647b0596ab6ea88fca1cfbaf1327313f08011d09e2275adeb4b2719ae119c0c

    Download Submit

  • memory/232-14-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/232-18-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/232-16-0x0000000000020000-0x0000000000022000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1392-0-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1392-1-0x00000000001C0000-0x00000000001C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1392-19-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2044-9-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2044-10-0x00000000001C0000-0x00000000001C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2044-20-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2044-21-0x0000000000400000-0x000000000062A000-memory.dmp

    Filesize

    2.2MB

    Download