9eed46ae88e12caca01bc4c471866acd80a77b27e26285c0a8f54a4aef5a75d2

Analysis

max time kernel
185s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 14:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

397cccde9fc2fade9c42c20f57a1d9fa.exe
Size

117KB
MD5

397cccde9fc2fade9c42c20f57a1d9fa
SHA1

bc36dd982d1a0bc2fe3ad14280aaa3c9dbd3062f
SHA256

9eed46ae88e12caca01bc4c471866acd80a77b27e26285c0a8f54a4aef5a75d2
SHA512

7857bd868fb35615bda56f9293a3425dfc3d2fb128e31d3a366795f9156be382e0870d0a873b29b9b592b79acc94f7a638cc22e5592a80b5ff5d882c77c4c2d7
SSDEEP

3072:PYVSRMQAn+p6cgZ9EMNg60FaIFLkollPgdUFp4:P7RMQA+pEZ9ZNgXFaYfwUM

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
336	397cccde9fc2fade9c42c20f57a1d9fa.exe
336	397cccde9fc2fade9c42c20f57a1d9fa.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\pctools.exe	397cccde9fc2fade9c42c20f57a1d9fa.exe
File opened for modification	C:\Windows\SysWOW64\pctools.exe	397cccde9fc2fade9c42c20f57a1d9fa.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Debug\pctools.dll	397cccde9fc2fade9c42c20f57a1d9fa.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
336	397cccde9fc2fade9c42c20f57a1d9fa.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 336 wrote to memory of 548	336	397cccde9fc2fade9c42c20f57a1d9fa.exe	91
PID 336 wrote to memory of 548	336	397cccde9fc2fade9c42c20f57a1d9fa.exe	91
PID 336 wrote to memory of 548	336	397cccde9fc2fade9c42c20f57a1d9fa.exe	91
PID 336 wrote to memory of 4812	336	397cccde9fc2fade9c42c20f57a1d9fa.exe	94
PID 336 wrote to memory of 4812	336	397cccde9fc2fade9c42c20f57a1d9fa.exe	94
PID 336 wrote to memory of 4812	336	397cccde9fc2fade9c42c20f57a1d9fa.exe	94

C:\Users\Admin\AppData\Local\Temp\397cccde9fc2fade9c42c20f57a1d9fa.exe
"C:\Users\Admin\AppData\Local\Temp\397cccde9fc2fade9c42c20f57a1d9fa.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:336
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 3.bat
  2⤵
  PID:548
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 3.bat
  2⤵
  PID:4812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3.bat

Filesize
61B

MD5
4722119c8f51743a5ee9d41bc74930ec

SHA1
978523142c3f53c9c527b669cc9d2ffa55579f34

SHA256
db6751010e851d83de4119f49e47dacd4639b5dc5ab096d28bf1ea6b7ac12576

SHA512
a314dd2e688c9606aaf3aeffa95b4da9516dd61f79840ab7ac30ca7cdb653c9bb2e441380ed6851b4a1e34765afdeb37d5ebc56ca103e6aa1d84df9de04418f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\3.bat

Filesize
96B

MD5
2f1f33ed394109adca4504b083ed24d1

SHA1
c1bfb4f81e540dd590cdf9e49595c53ed200a022

SHA256
ff6c9924e3c4977278211eaeb11ae74732b9ae3968be95d7f2722a04b7a86e66

SHA512
2ff275877536db81fea2ded84c5cbfda64eca259c8998d4ad6275ed7efd9cb195060efcc1e4c9fae145700bda64a3eec280f3f42365c55e9cce7e6762c1e4dbb

Download Submit
C:\Windows\debug\pctools.dll

Filesize
108KB

MD5
bb6176bc4c6898404c1af80286f46b9f

SHA1
eeef7ff8394c4abad72ffbfa34371f26bde595e7

SHA256
901129549030de3aa39f9e6927e538a8d877453b54a422d323052fd8ed767ebc

SHA512
562aa8803df6fbba00a436922aaf894ab9bb702cd04c96fb09b9c244f5168b28e8f14e0002c457b38e3011d62e05155b4c1ed3a28f21ec3c91a6e586e75a330e

Download Submit
memory/336-4-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/336-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/336-2-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/336-1-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/336-17-0x00000000021A0000-0x00000000021EB000-memory.dmp

Filesize
300KB

Download
memory/336-19-0x00000000021A0000-0x00000000021EB000-memory.dmp

Filesize
300KB

Download
memory/336-20-0x00000000021A0000-0x00000000021EB000-memory.dmp

Filesize
300KB

Download
memory/336-21-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/336-22-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/336-23-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/336-25-0x00000000021A0000-0x00000000021EB000-memory.dmp

Filesize
300KB

Download