Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/01/2024, 09:18

General

  • Target

    ydm2007dmshui/book.exe

  • Size

    995KB

  • MD5

    84fc7ab96ed69f8b4f4289e1d2307284

  • SHA1

    9fc9d0c84603da2cb96d6da671d6bbf3c5f7eb50

  • SHA256

    e6d49836265d98e5ba66c28c3ada0385b40606a1fdf3776f8430d9f7ae333e28

  • SHA512

    369e82a47436eed0c5f0200aa3ef6a209de56fd5d98ac796688fcef5a4441c65354845a74711ca4e1ce2b02ac4904078ac58b8964b9cc029f9dd1f05924e2a40

  • SSDEEP

    24576:UZNybzTbxswAknyUiJ7ERfwY1dIRoAKe6MZRK6KY3xf2:UZC/CkGEpwyIRtxXcY352

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Suspicious use of SetWindowsHookEx 23 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ydm2007dmshui\book.exe
    "C:\Users\Admin\AppData\Local\Temp\ydm2007dmshui\book.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:840

Network

MITRE ATT&CK Matrix

Downloads

        • \Users\Admin\AppData\Local\Temp\E_4\edroptarget.fne

          Filesize

          144KB

          MD5

          c054c9322fe658afca7a31cee39a839a

          SHA1

          bb299b3fc2a0f0006e10bc6c5fbf22ae687dcfaa

          SHA256

          23a17adce02920c4fbfb62870073f5f585d332cf437b1e18d363822affef775e

          SHA512

          2ccf00f3d8bec59032585fe988f5690f9028e5bddeb3b6254b7ed19a873dc2f33edf600e4b86f35f6a5223f11805bd376d2ed6ae561ba9345f29f360e5cc2342

        • \Users\Admin\AppData\Local\Temp\E_4\iext2.fne

          Filesize

          460KB

          MD5

          fd6b276b1d6cf78aaed997b778b62acd

          SHA1

          94df4dd5da8579714c30bb32c1fe12cc8337ad3d

          SHA256

          1087dc334973480116542a212feb423bae02d8867b1a2952b3cd5b23e02a4ef7

          SHA512

          f3e5ecbaebe239188cbad3b8c830ab1e7902048b4568ca4090ad52f0c7901dc7a69d716d36f06c8028360bf0e70d615b84be17365d9b43f3c7356416ccdb6d23

        • \Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

          Filesize

          1.0MB

          MD5

          1081d7eb7a17faedfa588b93fc85365e

          SHA1

          884e264fa37bfb9e71d24f3f5c7554fdf94a8b9f

          SHA256

          0351d055cf1e194302ab125cc93208a8c733efb45dc301ca6e7e2a4051f411e0

          SHA512

          1ff9e7c495b9e005c8d3b56219794c31d804fe1944429e3d4fe013fd8fcb3f51c02b588748c7d9d869fdb115851932e8db4e6792aecd9c83f28237702582ba81

        • memory/840-0-0x0000000000400000-0x0000000000412000-memory.dmp

          Filesize

          72KB

        • memory/840-8-0x00000000003D0000-0x00000000003F7000-memory.dmp

          Filesize

          156KB

        • memory/840-12-0x0000000003680000-0x0000000003703000-memory.dmp

          Filesize

          524KB

        • memory/840-15-0x0000000000400000-0x0000000000412000-memory.dmp

          Filesize

          72KB