Overview

overview

10

Static

static

3

Windows Vi...te.exe

windows7-x64

10

Windows Vi...te.exe

windows10-2004-x64

5

Windows Vi...om.url

windows7-x64

1

Windows Vi...om.url

windows10-2004-x64

1

Analysis

  • max time kernel
    2s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 04:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Windows Vista Activation/Activate.exe

  • Size

    1.4MB

  • MD5

    a24a3159f181f2b512ff7c76533ebb81

  • SHA1

    6fd539c29d49659ebc043c8b8e3ef27095fd63db

  • SHA256

    429fa50962dff9b6ed601b4926487c463a73043e9e6e5a420642412771faa6f8

  • SHA512

    55e38b5d2dd2505a075ddccc8a855e7de90361cfde5b53dead18185f090172869a226c7e52b5d9e47f2ef76ec68a4db2d7bac6b90bc21a7ca780fec3e469c56e

  • SSDEEP

    24576:/Qc5TVqCdqsoDthQs8KWuuLkQyQLO1D3rRJQXYeik9FPgvOt074doRxrrrrU8:/9AfiMiYdPRJQIe5qOt074doRxrrrrd

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Windows Vista Activation\Activate.exe
    "C:\Users\Admin\AppData\Local\Temp\Windows Vista Activation\Activate.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4368
    • C:\Users\Admin\AppData\Local\Temp\Windows Vista Activation\Activate.exe
      "C:\Users\Admin\AppData\Local\Temp\Windows Vista Activation\Activate.exe"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:2004
      • C:\Users\Admin\AppData\Local\Temp\Activate.exe
        "C:\Users\Admin\AppData\Local\Temp\Activate.exe"
        3⤵
          PID:3644
          • C:\Users\Admin\AppData\Local\Temp\RarSFX0\setup.exe
            "C:\Users\Admin\AppData\Local\Temp\RarSFX0\setup.exe"
            4⤵
              PID:1808
          • C:\Users\Admin\AppData\Local\Temp\Update.exe
            "C:\Users\Admin\AppData\Local\Temp\Update.exe"
            3⤵
              PID:1004

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1808-97-0x0000000000A30000-0x0000000000A40000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1808-99-0x0000000000A30000-0x0000000000A40000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1808-98-0x0000000072CC0000-0x0000000073271000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/1808-93-0x0000000072CC0000-0x0000000073271000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/1808-100-0x0000000000A30000-0x0000000000A40000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1808-102-0x0000000072CC0000-0x0000000073271000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/1808-104-0x0000000000A30000-0x0000000000A40000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2004-3-0x0000000000400000-0x0000000000523000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2004-6-0x0000000000400000-0x0000000000523000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2004-25-0x0000000000400000-0x0000000000523000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3644-101-0x0000000000400000-0x000000000044B000-memory.dmp

          Filesize

          300KB

          Download