Analysis

  • max time kernel: 119s
  • max time network: 124s
  • platform: windows7_x64
  • resource: win7-20231215-en
  • resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted: 24-01-2024 03:53

General

  • Target: cd6a4f062392c0f81140b37e6bc222a3.exe
  • Size: 381KB
  • MD5: cd6a4f062392c0f81140b37e6bc222a3
  • SHA1: 94c8a47656214701d39100482ebc71937e978ebe
  • SHA256: 1b8a9d6961adaa65a2969823ad0cc372d09e7a89aee81487eeedd6ac207a5f2e
  • SHA512: ee3aedcf10ebcc07d0d5f671c4583264f664d4b1eacf0d4253d7c7020ad48a15ca0df5f0f3910784f47a2b310520fd5f6b8dda4f68e21e753c91ac4a7cd4e34a
  • SSDEEP: 6144:3plrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:3plrVbDdQaqdS/ofraFErH8uB2Wm0SXj

Score: 7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd6a4f062392c0f81140b37e6bc222a3.exe (PID 2040)
    Command line: "C:\Users\Admin\AppData\Local\Temp\cd6a4f062392c0f81140b37e6bc222a3.exe"
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files\Custom\Enabling.exe (PID 1736, child of PID 2040)
      Command line: "C:\Program Files\Custom\Enabling.exe" "33201"
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Program Files\Custom\Enabling.exe
    Filesize: 39KB
    MD5: 62ecbdbe6f959b84b5e7454284ace1e1
    SHA1: 293e7921d9ceed733feee4660cef1d6ae0c3c132
    SHA256: 29e81c553f4fba8486b161c9c95b5e49ff7a797e56f87ce512fdb125b849aa08
    SHA512: ed84951b8f585f26fbb8eb3116be0f5900a6940e96d051964500586846b5b82ec54183b2b35a628165b059204010a72fafd2bd0da27df62879a3163878739696

  • \Program Files\Custom\Enabling.exe
    Filesize: 82KB
    MD5: 4e65ccfdd69bfa1b4b04eca0e5f0cacd
    SHA1: 03a02846848e6404d21091cb955de730a77e0155
    SHA256: a11bdd54af095d0d31d304e352e9da785b09a22470420c45e73f27479b30c36f
    SHA512: 46d6ebbda0d62ac282e51a22887dbd9177185833a3fe4be49fb94e88f338db86d02f40cc01c8ae6e209bd2613c30c88488477a608c5f0539896a8cf05a2a515a

  • \Program Files\Custom\Enabling.exe
    Filesize: 1KB
    MD5: 69fe22c28956ff4033c18565b59e95a6
    SHA1: 0c88a296ee0a7331c3793ee62a48e99f93e826bc
    SHA256: 67483a81e9544a57a142d2d14ef5e08650fc81cba0651c4c29a799ae5f0badf2
    SHA512: b039edf221cb3dd469e1c4ee3ecca735cd44ab584261c139198b017f1923ce0afa6af392cc82dd00f86b30b62da866ed5289277d168852e57809b76f6aaa51f3