Overview

overview

10

Static

static

3

74f734fbd2...b1.exe

windows7-x64

5

74f734fbd2...b1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 16:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74f734fbd212b859927c303d376be7b1.exe

  • Size

    686KB

  • MD5

    74f734fbd212b859927c303d376be7b1

  • SHA1

    ac326c95103cfacded5c4bf8902720fb9f7b5e18

  • SHA256

    de1fe84c7f43c39cfdec88e4ea68528aa9fb83ecebe86a54321c563115617c3c

  • SHA512

    8bce2830e04fa377fddeb5db2ba9a4da14ec653b32d310c28dae175a4104a96cd5f0282735140ca8225974b9158efc28511cc4880dbab668254ab4c27201eafa

  • SSDEEP

    12288:pITW0SsSYpDlta31MUhXjNM3PQ7TxIcntupZB78Fs5GIph8y:pITW0Ss3D7aucXjAPQ7l30pb7rGy

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\74f734fbd212b859927c303d376be7b1.exe
    "C:\Users\Admin\AppData\Local\Temp\74f734fbd212b859927c303d376be7b1.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2340
    • C:\Users\Admin\AppData\Local\Temp\74f734fbd212b859927c303d376be7b1.exe
      C:\Users\Admin\AppData\Local\Temp\74f734fbd212b859927c303d376be7b1.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1680
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1356

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1356-19-0x000000007FFF0000-0x000000007FFF7000-memory.dmp
      Filesize

      28KB

      Download
    • memory/1356-23-0x000000007EFD0000-0x000000007EFD1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1680-5-0x0000000000400000-0x0000000000409000-memory.dmp
      Filesize

      36KB

      Download
    • memory/1680-8-0x0000000000400000-0x0000000000409000-memory.dmp
      Filesize

      36KB

      Download
    • memory/1680-32-0x0000000000400000-0x0000000000409000-memory.dmp
      Filesize

      36KB

      Download
    • memory/1680-17-0x0000000000400000-0x0000000000409000-memory.dmp
      Filesize

      36KB

      Download
    • memory/1680-21-0x0000000010000000-0x0000000010013000-memory.dmp
      Filesize

      76KB

      Download
    • memory/1680-14-0x0000000000400000-0x0000000000409000-memory.dmp
      Filesize

      36KB

      Download
    • memory/1680-12-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1680-18-0x0000000000400000-0x0000000000409000-memory.dmp
      Filesize

      36KB

      Download
    • memory/1680-10-0x0000000000400000-0x0000000000409000-memory.dmp
      Filesize

      36KB

      Download
    • memory/2340-16-0x0000000000400000-0x00000000005B9000-memory.dmp
      Filesize

      1.7MB

      Download
    • memory/2340-3-0x0000000000400000-0x00000000005B9000-memory.dmp
      Filesize

      1.7MB

      Download
    • memory/2340-6-0x0000000002AC0000-0x0000000002C79000-memory.dmp
      Filesize

      1.7MB

      Download
    • memory/2340-0-0x0000000000400000-0x00000000005B9000-memory.dmp
      Filesize

      1.7MB

      Download
    • memory/2340-1-0x0000000000400000-0x00000000005B9000-memory.dmp
      Filesize

      1.7MB

      Download