0c9ec22d323b1b21f553c8d1844146819a3360f6a238040813773af9b04a1d6d

Analysis

max time kernel
3s
max time network
10s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 07:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71aeace76a4c13c9dd7c25d2005ff116.exe
Size

8.2MB
MD5

71aeace76a4c13c9dd7c25d2005ff116
SHA1

4346d248c97359c63bff060e4d45371dce3d4651
SHA256

0c9ec22d323b1b21f553c8d1844146819a3360f6a238040813773af9b04a1d6d
SHA512

f7b04497c68c9054f997ba3e992a8cdd4bbe6be869646cb48e445eba4b3552aa3397e06445106877db9428ece7aa52cf8c3cb822e2ac6018b3705f2ea0f59e20
SSDEEP

49152:EQFRHrmQG+yrY+Fr/rcrSIrSB+Fr/SB+FrNY+Fr/rcrSIrSB+Fr/SB+Fr/rY+FrU:EcKk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4716	fhkn.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4716	fhkn.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4716	fhkn.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4716	fhkn.exe
4716	fhkn.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3296 wrote to memory of 4716	3296	71aeace76a4c13c9dd7c25d2005ff116.exe	85
PID 3296 wrote to memory of 4716	3296	71aeace76a4c13c9dd7c25d2005ff116.exe	85
PID 3296 wrote to memory of 4716	3296	71aeace76a4c13c9dd7c25d2005ff116.exe	85

C:\Users\Admin\AppData\Local\Temp\71aeace76a4c13c9dd7c25d2005ff116.exe
"C:\Users\Admin\AppData\Local\Temp\71aeace76a4c13c9dd7c25d2005ff116.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3296
- C:\Users\Admin\AppData\Local\Temp\fhkn.exe
  C:\Users\Admin\AppData\Local\Temp\fhkn.exe -run C:\Users\Admin\AppData\Local\Temp\71aeace76a4c13c9dd7c25d2005ff116.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\fhkn.exe

Filesize
9.1MB

MD5
32e3a185a230ec61c26b9a4f13af074f

SHA1
dfaf82f73d86c67b394bcc582dca2efd0d4f1f79

SHA256
a1dc0b61ec46d5f0c35a9facaa0cb57b5be15dd6614c223b363631f7edb08554

SHA512
1f164c0dc098b4d6d7c06f2092f4c0ed78623b89ed9008e572ea43c670603c05d81a7501f6e2efc53e868ac4021a95b93a378350651b02da456946190b7338d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\fhkn.exe

Filesize
5.1MB

MD5
17f4a607122960abf68d15150e828ab3

SHA1
864b9cf8c6113949287e669152b3a5f7bf8c6133

SHA256
fabf0bfabb3344cc160648890d374918fc039597dea56904ef5e10039a8cb1d8

SHA512
6f69d10dcbfa6f6e532b773406fc3e8379f0c27c8901fda55460b83785b939977cfc6ba8490e7d6825c4bf75ad19a06db76bae22b82f6e5d6cda15f0aaad260c

Download Submit
memory/3296-25-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/3296-1-0x0000000002310000-0x0000000002360000-memory.dmp

Filesize
320KB

Download
memory/3296-4-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/3296-5-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/3296-6-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/3296-7-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/3296-8-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/3296-11-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/3296-9-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3296-12-0x0000000002DA0000-0x0000000002DA2000-memory.dmp

Filesize
8KB

Download
memory/3296-13-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/3296-14-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/3296-15-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/3296-16-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/3296-17-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/3296-18-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/3296-19-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/3296-20-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/3296-22-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/3296-21-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/3296-23-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/3296-24-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/3296-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/3296-26-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/3296-3-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/3296-29-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3296-27-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/3296-30-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3296-31-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3296-32-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3296-33-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3296-34-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3296-35-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3296-37-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3296-2-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/3296-42-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/3296-44-0x0000000002310000-0x0000000002360000-memory.dmp

Filesize
320KB

Download
memory/3296-45-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/3296-46-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/3296-43-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/3296-41-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/3296-28-0x0000000002D90000-0x0000000002D96000-memory.dmp

Filesize
24KB

Download
memory/3296-38-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/4716-47-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/4716-48-0x0000000002CB0000-0x0000000002CB1000-memory.dmp

Filesize
4KB

Download
memory/4716-49-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/4716-50-0x0000000002C70000-0x0000000002C71000-memory.dmp

Filesize
4KB

Download
memory/4716-51-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4716-52-0x0000000003970000-0x0000000003CF4000-memory.dmp

Filesize
3.5MB

Download