4ca2242c201e09961525f45f73b4d818bb3a9872a445089f58aaa07992d94e08

Analysis

max time kernel
138s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 17:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

51290bb28ec1a592c9ce054cdd090386.exe
Size

500KB
MD5

51290bb28ec1a592c9ce054cdd090386
SHA1

b6a5dcdcd995cea17df6832175e46c2b8865ec90
SHA256

4ca2242c201e09961525f45f73b4d818bb3a9872a445089f58aaa07992d94e08
SHA512

ff35f80dc89299b04cdff0c669e0d59a686850d855d4b6b5c7e4ef571de87593f4c46d0ff422e8a9c25c9faecd97a98d52e01b6817568c99f1e55893dd336a7e
SSDEEP

6144:/K/5Rf1fC0JkM8tPHjyN/Cs+zZjT4YkW2KanSDBfMysVufBn597NX2:/8f9JkptPDIgwWo7ysgfBnnl2

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1576	ocs_v6b.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
348	51290bb28ec1a592c9ce054cdd090386.exe
1576	ocs_v6b.exe
1576	ocs_v6b.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 348 wrote to memory of 1576	348	51290bb28ec1a592c9ce054cdd090386.exe	88
PID 348 wrote to memory of 1576	348	51290bb28ec1a592c9ce054cdd090386.exe	88

C:\Users\Admin\AppData\Local\Temp\51290bb28ec1a592c9ce054cdd090386.exe
"C:\Users\Admin\AppData\Local\Temp\51290bb28ec1a592c9ce054cdd090386.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:348
- C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v6b.exe
  C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v6b.exe -install -h371246 -freewarede -ff222c36e0c542509360ce545507503b - - -umawqonspouetxxv
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v6b.exe

Filesize
256KB

MD5
d2e1cc97d0d065147bcfb13746f31aad

SHA1
cacbb1953ec3c4aca8f5925ed2a349e4ac1cbb2a

SHA256
f761f291e45c658976138d4c5116e254e66dded95276a2d6c48cf8a621ffab2b

SHA512
360b23adb4f525f33b10636b364ca9febb9dfd30f4cadfd0e3f68e569a666b5fcd103f78716b0299ae64c6fda8ec2a1e3857b7c9d990482cf5c3cd150e0c20c9

Download Submit
memory/1576-7-0x000000001B8B0000-0x000000001BD7E000-memory.dmp

Filesize
4.8MB

Download
memory/1576-8-0x00007FF9FEE40000-0x00007FF9FF7E1000-memory.dmp

Filesize
9.6MB

Download
memory/1576-10-0x0000000000D60000-0x0000000000D70000-memory.dmp

Filesize
64KB

Download
memory/1576-9-0x000000001B310000-0x000000001B3B6000-memory.dmp

Filesize
664KB

Download
memory/1576-11-0x000000001BE80000-0x000000001BF1C000-memory.dmp

Filesize
624KB

Download
memory/1576-12-0x00007FF9FEE40000-0x00007FF9FF7E1000-memory.dmp

Filesize
9.6MB

Download
memory/1576-13-0x000000001BD80000-0x000000001BD88000-memory.dmp

Filesize
32KB

Download
memory/1576-15-0x0000000000D60000-0x0000000000D70000-memory.dmp

Filesize
64KB

Download
memory/1576-14-0x0000000000D60000-0x0000000000D70000-memory.dmp

Filesize
64KB

Download
memory/1576-17-0x0000000000D60000-0x0000000000D70000-memory.dmp

Filesize
64KB

Download
memory/1576-18-0x0000000000D60000-0x0000000000D70000-memory.dmp

Filesize
64KB

Download
memory/1576-16-0x0000000000D60000-0x0000000000D70000-memory.dmp

Filesize
64KB

Download
memory/1576-19-0x0000000000D60000-0x0000000000D70000-memory.dmp

Filesize
64KB

Download
memory/1576-21-0x00007FF9FEE40000-0x00007FF9FF7E1000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads