Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/01/2024, 07:06

General

  • Target

    4fe6a78b3acc6e4f636891bc5e4bd982.exe

  • Size

    4.6MB

  • MD5

    4fe6a78b3acc6e4f636891bc5e4bd982

  • SHA1

    d7f76fe8d5529a535885b1a34045790b3c74b37d

  • SHA256

    c2c66ec47fc9c969de74cbb8ae050243e5c51e8033811cb04bd3b975d0037d1b

  • SHA512

    ea313e8e2de3c3467b1b0aa2752cd7c6e53e7e7df7a64935035e012fe4904e64f8f391d30ebc8dfb268cd886f7855b0d2fa88915a1b502a946fd16588d4bca21

  • SSDEEP

    98304:Xg1glG4ajy2toG3AMzo3kDS0TD8QqKiuW3Am1HF3F/DudFUy6pmTK:X84H0jBigCD2FAm+

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • VMProtect packed file 17 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Modifies registry class 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4fe6a78b3acc6e4f636891bc5e4bd982.exe
    "C:\Users\Admin\AppData\Local\Temp\4fe6a78b3acc6e4f636891bc5e4bd982.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3044

Network

        MITRE ATT&CK Matrix

        Downloads

        • \Users\Admin\AppData\Local\Temp\rjhook.dll

          Filesize

          59KB

          MD5

          929f56b46242fa68a616374a5403689b

          SHA1

          45b4ade1f0cc2bf13e74d9801eee5c7abee3c3b2

          SHA256

          767b2e735693a9455a23b19e7a94643fd6095fa1158cbe22f612d657ebbb670d

          SHA512

          81c69649efff9d320533bcb3256d42c671877e1d48f9df99134c514aa2d888d11ded13b9d3447949881513e376cf4644b41b997cad2a9ffb51f4f45ca3cdc641

        • \Users\Admin\AppData\Roaming\mymacro\qdisp.dll

          Filesize

          43KB

          MD5

          7171bc500507f070355c8903e0ea6d3d

          SHA1

          073d479fdbd1f2af5d494e90b950098be63dee75

          SHA256

          3e02f67604dcc1f9e2f107e3dc04f9dcdc59431b2a9323838b61c427c63b997c

          SHA512

          a8162de29e73f7a198ab7b592c393c8b39e42d5f6649efeca300a90dd7c70178fca1cfcd1f721588dcff296d5245f9ebfa289c6525c7e8621c8eef3e77787622

        • memory/3044-31-0x0000000000400000-0x00000000008A9000-memory.dmp

          Filesize

          4.7MB

        • memory/3044-64-0x0000000000400000-0x00000000008A9000-memory.dmp

          Filesize

          4.7MB

        • memory/3044-10-0x00000000025D0000-0x0000000002624000-memory.dmp

          Filesize

          336KB

        • memory/3044-7-0x00000000025D0000-0x0000000002624000-memory.dmp

          Filesize

          336KB

        • memory/3044-11-0x00000000025D0000-0x0000000002624000-memory.dmp

          Filesize

          336KB

        • memory/3044-13-0x00000000025D0000-0x0000000002624000-memory.dmp

          Filesize

          336KB

        • memory/3044-12-0x00000000025D0000-0x0000000002624000-memory.dmp

          Filesize

          336KB

        • memory/3044-14-0x0000000000400000-0x00000000008A9000-memory.dmp

          Filesize

          4.7MB

        • memory/3044-1-0x0000000077C40000-0x0000000077C41000-memory.dmp

          Filesize

          4KB

        • memory/3044-27-0x0000000002900000-0x000000000290F000-memory.dmp

          Filesize

          60KB

        • memory/3044-2-0x0000000077C40000-0x0000000077C41000-memory.dmp

          Filesize

          4KB

        • memory/3044-34-0x0000000000400000-0x00000000008A9000-memory.dmp

          Filesize

          4.7MB

        • memory/3044-8-0x0000000010000000-0x0000000010006000-memory.dmp

          Filesize

          24KB

        • memory/3044-0-0x0000000000400000-0x00000000008A9000-memory.dmp

          Filesize

          4.7MB

        • memory/3044-30-0x0000000000400000-0x00000000008A9000-memory.dmp

          Filesize

          4.7MB

        • memory/3044-37-0x0000000000400000-0x00000000008A9000-memory.dmp

          Filesize

          4.7MB

        • memory/3044-40-0x0000000000400000-0x00000000008A9000-memory.dmp

          Filesize

          4.7MB

        • memory/3044-43-0x0000000000400000-0x00000000008A9000-memory.dmp

          Filesize

          4.7MB

        • memory/3044-46-0x0000000000400000-0x00000000008A9000-memory.dmp

          Filesize

          4.7MB

        • memory/3044-49-0x0000000000400000-0x00000000008A9000-memory.dmp

          Filesize

          4.7MB

        • memory/3044-52-0x0000000000400000-0x00000000008A9000-memory.dmp

          Filesize

          4.7MB

        • memory/3044-55-0x0000000000400000-0x00000000008A9000-memory.dmp

          Filesize

          4.7MB

        • memory/3044-58-0x0000000000400000-0x00000000008A9000-memory.dmp

          Filesize

          4.7MB

        • memory/3044-61-0x0000000000400000-0x00000000008A9000-memory.dmp

          Filesize

          4.7MB

        • memory/3044-32-0x0000000010000000-0x0000000010006000-memory.dmp

          Filesize

          24KB

        • memory/3044-67-0x0000000000400000-0x00000000008A9000-memory.dmp

          Filesize

          4.7MB

        • memory/3044-70-0x0000000000400000-0x00000000008A9000-memory.dmp

          Filesize

          4.7MB