Overview

overview

3

Static

static

3

2852da6d9d...13.exe

windows7-x64

1

2852da6d9d...13.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    164s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 04:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2852da6d9db3f080336b5ca7a9132c13.exe

  • Size

    244KB

  • MD5

    2852da6d9db3f080336b5ca7a9132c13

  • SHA1

    c76820f67fdbcac610b1588165339de9bf2ad7f7

  • SHA256

    3ac341080297c5207ba224d0dc807ab0d256e5d16ad3ceaf1c151cc7792b1ab2

  • SHA512

    0a61eb7a9d1a49495354d46cb677114a32dc8bc7db77567e76b4122393ef330e7bacc29f88e41ebf87feeadeb223a9ab55b80a17d8c5b0295a32b938c4499a8c

  • SSDEEP

    3072:exBcTBPt+MxJwVEi/8HAuPX6HGJfKV2DVLoF4x7H9PoS2:MBEBl+ywVEi/8HAuiHCftDVLoF4B9h2

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\2852da6d9db3f080336b5ca7a9132c13.exe
    "C:\Users\Admin\AppData\Local\Temp\2852da6d9db3f080336b5ca7a9132c13.exe"
    1⤵
      PID:1352
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\glk_300_212.bat" "
        2⤵
          PID:1496
          • C:\Windows\SysWOW64\regsvr32.exe
            regsvr32 /s /c C:\Users\Admin\AppData\Roaming\PIPI\pwdedit.dll
            3⤵
              PID:1412

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\cdf1912.tmp
          Filesize

          858B

          MD5

          d727e34e3f5eb5ee1ce17fe4c66bf617

          SHA1

          ea796e8b305510775d244f30758e125a01569626

          SHA256

          d0cd1c2b674ee72b000ecacb181addd7735f4c3478731c23f4649e312e4c607d

          SHA512

          ae3028364bf02b3e7c78d7a44a3305537c16d7feefb9dd968296b86425babaccee81af0c40eb7f8f374266df0e2c3c1a08b6b951ceaddc55572d6f0f1e85705c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\glk_300_212.bat
          Filesize

          62B

          MD5

          f33f30c3cddbb32ce1641f7aa325a170

          SHA1

          dcaa649892d9acf11658bb7b85ae63b76d36a4a8

          SHA256

          efc90ad2a6161fb21977815aeb81095e82572a40a2b3ab69cd1abad04c6bc23d

          SHA512

          d07d64eaf8cee948de2099fc791f79a5b6a58529c760bd3f3105d2689708930026a54b3b27c0e55bbf4b3356ff9c8bd915704e80af7735a865bcf4a9abcadf79

          Download Submit

        • C:\Users\Admin\AppData\Roaming\PIPI\pwdedit.dll
          Filesize

          45KB

          MD5

          cebf5c90c54a205836e73ec1e4026505

          SHA1

          4752710d4c6f95539915346bfbecc585bd6d562a

          SHA256

          6cc2cd2510a7d29486a791aed6b2989466cbd69c1039ba2abecaaa3d31df34ef

          SHA512

          bb4a924b58b941e5d2956c3865ac8c2432bfaea666cdfa1e3fa49c7674cb1da9ae066df841938c8e15264ecb6f70733001655836dcc456c7b6e726acbc1532de

          Download Submit

        • \Users\Admin\AppData\Roaming\PIPI\pwdedit.dll
          Filesize

          1KB

          MD5

          00bfd24c62836f47463211abdc2f8fbd

          SHA1

          952a3e887bb9325be9f6fbbfe0864eccc5a9d5b8

          SHA256

          afbb6bc371e9fcabac7345886821af36c64e488338ae7432a6fc7939af469a14

          SHA512

          6cdb0d742e447c2d9a9a294601680e1ec38cc5b73acf436723c27fb05793b257a51fee4d61d3b705caf466778de758b0440a3c8f22c35fcf330952624e214861

          Download Submit

        • memory/1352-0-0x0000000000400000-0x000000000043D000-memory.dmp

          Filesize

          244KB

          Download