5df915ab2c9d0f52d3aeccbe5c4895f080b204f469a6f29fd55ab76a82aa2dfb

Analysis

max time kernel
4s
max time network
9s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2024, 06:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76a048a5f0dffef604c467411d03e089.exe
Size

3.0MB
MD5

76a048a5f0dffef604c467411d03e089
SHA1

d36b84357825fde8fbd76b788074ce218bccb2a6
SHA256

5df915ab2c9d0f52d3aeccbe5c4895f080b204f469a6f29fd55ab76a82aa2dfb
SHA512

78d1b9c31edff5ef86095ded30c8cfd4ca34d36f9988ab8924ec89a7a334bb920d168e4dc01bfc2769c37077593c834de23dc11c2ed8403979b4d38c06bb6f35
SSDEEP

49152:EQFRHrmQG+yGXGZQPxQtrmQG+yGXJmQG+yb4:EcKdMZ7M

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3180	sfpygg.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3180	sfpygg.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3180	sfpygg.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3180	sfpygg.exe
3180	sfpygg.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 3180	1668	76a048a5f0dffef604c467411d03e089.exe	85
PID 1668 wrote to memory of 3180	1668	76a048a5f0dffef604c467411d03e089.exe	85
PID 1668 wrote to memory of 3180	1668	76a048a5f0dffef604c467411d03e089.exe	85

C:\Users\Admin\AppData\Local\Temp\76a048a5f0dffef604c467411d03e089.exe
"C:\Users\Admin\AppData\Local\Temp\76a048a5f0dffef604c467411d03e089.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Users\Admin\AppData\Local\Temp\sfpygg.exe
  C:\Users\Admin\AppData\Local\Temp\sfpygg.exe -run C:\Users\Admin\AppData\Local\Temp\76a048a5f0dffef604c467411d03e089.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\sfpygg.exe

Filesize
3.9MB

MD5
2ed2a6e723fdf5e7c615edd32a71b5d5

SHA1
62c81c8b874e5f23068364bbabb03d0e38ac4aff

SHA256
72c2aca04552f2cf5a441bceb08515ab65789b16a20145c3c363f56927fb1c24

SHA512
7c28642e5e0ef246915a43e555ae39d1a18f36a05099b2929a3adfb99fd943353ebf62b019fd0248bed25e2a4f342eafa18e087387e2471f61ccbab050c8a38b

Download Submit
memory/1668-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1668-1-0x0000000002330000-0x0000000002380000-memory.dmp

Filesize
320KB

Download
memory/1668-2-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/1668-4-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/1668-5-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/1668-3-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/1668-6-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download
memory/1668-9-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/1668-7-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/1668-10-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/1668-8-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/1668-12-0x0000000002DA0000-0x0000000002DA2000-memory.dmp

Filesize
8KB

Download
memory/1668-13-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/1668-14-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/1668-15-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/1668-16-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/1668-17-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/1668-18-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/1668-19-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/1668-20-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/1668-21-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/1668-23-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/1668-22-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/1668-24-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/1668-25-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/1668-26-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/1668-27-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/1668-29-0x0000000002D90000-0x0000000002D96000-memory.dmp

Filesize
24KB

Download
memory/1668-30-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/1668-36-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/1668-35-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1668-34-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/1668-33-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/1668-38-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/1668-37-0x0000000002330000-0x0000000002380000-memory.dmp

Filesize
320KB

Download
memory/3180-39-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-42-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-43-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-48-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-47-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-49-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-63-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-64-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-67-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-68-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-66-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-65-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-62-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-61-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-60-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-59-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-58-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-57-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-56-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-55-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-54-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-53-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-52-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-51-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-50-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-45-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-46-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-44-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-41-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3180-40-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download