0a4490bb94661337da87f9d367feb0238417bc5d32158a2972860a430130206f

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07-01-2024 16:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

497786f2c96182c528e121edf912e8ae.exe
Size

685KB
MD5

497786f2c96182c528e121edf912e8ae
SHA1

2c0554b54efd9ebddcd5111f87e1c7154e268dc5
SHA256

0a4490bb94661337da87f9d367feb0238417bc5d32158a2972860a430130206f
SHA512

2e6b45bb3f6ad5ac6d805c4c057d2eccd99971d56946f4b452a73041edd03eb566b1facd23307cac6f2320f68c85964fbeec20cbf17af833be91a0db5eb88a6c
SSDEEP

12288:xxETQAH7uKThTN7o0wzPlHu11bJWYpAdFzWgwy0PpQF5EEN5UJh9cFOa8pAmf:xxETQ47u8TGloPWYGdFqVhQjj5UZc3af

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1684	497786f2c96182c528e121edf912e8ae.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe
1684	497786f2c96182c528e121edf912e8ae.exe

C:\Users\Admin\AppData\Local\Temp\497786f2c96182c528e121edf912e8ae.exe
"C:\Users\Admin\AppData\Local\Temp\497786f2c96182c528e121edf912e8ae.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

Filesize
1.1MB

MD5
6d106ac24d967665185b14ba058249ba

SHA1
0b92f31e961ea7e3564db0ada469df5a6875da12

SHA256
95a6ccdfe5bbd96beb6e22c73156e762c15155146f46518137f4a94576cbb165

SHA512
bf5f2e8d526ddc5c532e2b1621015daab81d38f77cc9e17b1646287904a9b1c64ab6be386dfb7240d356d620882b337cfeccf548b3e7bdc2ba87ff58553d5144

Download Submit
memory/1684-0-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1684-5-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download