a6dca37a3875494c9698eed58b39761b2dbd4df8db22ce270b4572c7272b5dd2 | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 00:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

59c834958078755f6dc1268573a7bebe.exe
Size

32KB
MD5

59c834958078755f6dc1268573a7bebe
SHA1

175225422a020694f6156df53ee6a23260ab7ed8
SHA256

a6dca37a3875494c9698eed58b39761b2dbd4df8db22ce270b4572c7272b5dd2
SHA512

d550599778cd66e90c089761a1a32f9b2188f31cb649272587254bef2c9d7e7253b3fa516a3c886aa9d5c38e70e197b1a012b5ecb1489c30928f56002f13c041
SSDEEP

384:/TdAdDqmPyNDmngdRkt+9UuhxWiIY58MxZhAGOF3vJ:/mdeT9mBo91WpOxZh63vJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2920	rst.exe

Loads dropped DLL 2 IoCs

pid	Process
2024	59c834958078755f6dc1268573a7bebe.exe
2024	59c834958078755f6dc1268573a7bebe.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\rst.exe	59c834958078755f6dc1268573a7bebe.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2024	59c834958078755f6dc1268573a7bebe.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2920	2024	59c834958078755f6dc1268573a7bebe.exe	28
PID 2024 wrote to memory of 2920	2024	59c834958078755f6dc1268573a7bebe.exe	28
PID 2024 wrote to memory of 2920	2024	59c834958078755f6dc1268573a7bebe.exe	28
PID 2024 wrote to memory of 2920	2024	59c834958078755f6dc1268573a7bebe.exe	28

C:\Users\Admin\AppData\Local\Temp\59c834958078755f6dc1268573a7bebe.exe
"C:\Users\Admin\AppData\Local\Temp\59c834958078755f6dc1268573a7bebe.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\rst.exe
  C:\Windows\system32\rst.exe
  2⤵
  - Executes dropped EXE
  PID:2920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\rst.exe

Filesize
8KB

MD5
bcd53a5ce66577bf59bf0d95d14fc782

SHA1
5a048bc33eb53a33f89cda67abb9316d5328f244

SHA256
61d870d64c0185267469c2ca2d8fe7621897ec2e5b93a0fdc8e1d7eb7595c4a5

SHA512
cf052fe4e57ffa348e8b70f3ec1179218d8eccabdc4a101570ae2bf5a1ae0e9f187dbffb44d133ce1c4ef10b34378b09cae8d87ae77b0bed41c80b173f3f6810

Download Submit