Analysis
- max time kernel: 0s
- max time network: 149s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 07/01/2024, 19:21
Static task
static1
Behavioral task
behavioral1
Sample
Mesh Method_65518065.exe
Resource
win7-20231215-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
Mesh Method_65518065.exe
Resource
win10v2004-20231215-en
10 signatures
150 seconds
General
-
Target
Mesh Method_65518065.exe
-
Size
9.5MB
-
MD5
93d16508432c3ff3512eb9de584f48e6
-
SHA1
6ed9fd4d190afc6c5154730d85cf883fd3ad4d2e
-
SHA256
be5357f63b036da79d198978cbc5b652ea02b1ccfcb1538352442cdc7f4d5549
-
SHA512
08ad71f9b6b3a65cb22b6a65c8e44d4e004de2d10683dd89a8eac5af67127b126db301ca55e00740e7342c2896cf4b7178257e9d4e446a03db13e122c4116338
-
SSDEEP
196608:MulB4qN8C0lgVk2rqNemQ3bKfIiaNPFHNRsiK:jee87gbrqNeL3bIIiEHMn
Score
1/10
Malware Config
Signatures
- Delays execution with timeout.exe (3 IoCs)
  - PID 1904: timeout.exe
  - PID 2460: timeout.exe
  - PID 356: timeout.exe
- Enumerates processes with tasklist (1 TTPs, 3 IoCs)
  - PID 2232: tasklist.exe
  - PID 1780: tasklist.exe
  - PID 2476: tasklist.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  - PID 1888: Mesh Method_65518065.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Mesh Method_65518065.exe"C:\Users\Admin\AppData\Local\Temp\Mesh Method_65518065.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:1888 -
C:\Users\Admin\AppData\Local\setup65518065.exeC:\Users\Admin\AppData\Local\setup65518065.exe hhwnd=459042 hreturntoinstaller hextras=id:ad413892c2b60f5-RO-L18kY2⤵PID:832
-
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe"C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe"3⤵PID:2692
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""4⤵PID:1696
-
C:\Windows\SysWOW64\timeout.exetimeout 15⤵
- Delays execution with timeout.exe
PID:2460
-
C:\Windows\SysWOW64\find.exefind /I "2692"5⤵PID:2932
-
C:\Windows\SysWOW64\tasklist.exetasklist /FI "PID eq 2692" /fo csv5⤵
- Enumerates processes with tasklist
PID:2476
-
C:\Windows\SysWOW64\find.exefind /I "2692"5⤵PID:2212
-
C:\Windows\SysWOW64\timeout.exetimeout 15⤵
- Delays execution with timeout.exe
PID:356
-
C:\Windows\SysWOW64\tasklist.exetasklist /FI "PID eq 2692" /fo csv5⤵
- Enumerates processes with tasklist
PID:2232
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""3⤵PID:3032
-
C:\Users\Admin\AppData\Local\setup65518065.exeC:\Users\Admin\AppData\Local\setup65518065.exe hready2⤵PID:2228
-
C:\Windows\SysWOW64\find.exefind /I "832"1⤵PID:1272
-
C:\Windows\SysWOW64\timeout.exetimeout 51⤵
- Delays execution with timeout.exe
PID:1904
-
C:\Windows\SysWOW64\tasklist.exetasklist /FI "PID eq 832" /fo csv1⤵
- Enumerates processes with tasklist
PID:1780