Overview

overview

7

Static

static

3

7eea016fa7...4a.exe

windows7-x64

7

7eea016fa7...4a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/01/2024, 04:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7eea016fa7082d60ff02f8a7ea355d4a.exe

  • Size

    112KB

  • MD5

    7eea016fa7082d60ff02f8a7ea355d4a

  • SHA1

    f6ada8575a6b742e71d38f56ca5a771f5f35e0e7

  • SHA256

    5a5d4f7e306c4630217dc3c9f7066bebaa1a1fe49a2a4eddafe72e75fd2f51a0

  • SHA512

    6355b120fb1f70aae2b8efc4cb7c1514d665750cfecb5412ab2d2826c5f5e2684cf6152fd4a98e9dd4c9c3161a6a8baf2cdf71a279db29f471deae86a1c255aa

  • SSDEEP

    3072:vcINEMu9CzG7jb+Wd0WCcjLQYB82b2+pq6v1jwsqKV:e/yGD+1bcjLQ+82KCvxwgV

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1260
      • C:\Users\Admin\AppData\Local\Temp\7eea016fa7082d60ff02f8a7ea355d4a.exe
        "C:\Users\Admin\AppData\Local\Temp\7eea016fa7082d60ff02f8a7ea355d4a.exe"
        2⤵
        • Loads dropped DLL
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1104
        • C:\Users\Admin\AppData\Local\Temp\tmp.exe
          C:\Users\Admin\AppData\Local\Temp\tmp.exe
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2972

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • \Users\Admin\AppData\Local\Temp\tmp.exe
            Filesize

            31KB

            MD5

            d811471dfbcc6b9764e0f8c31d87c5b3

            SHA1

            6cc5e219193149b1260a2fc7af25f670d9f65aff

            SHA256

            95974775c340267e20b692e87fe16b4360d5a6e6fb1094d375a6f0f430e1cc67

            SHA512

            ae3990f0cadf3eb3e12ad694c2fe6c8c9352f55d5a0efd38b5fe2855b5dab81b7edbc29e2cbb195939c3e99aaf015e9331f73f5861c3c74eaccfd78094000aa7

            Download Submit

          • memory/1104-0-0x0000000000400000-0x0000000000433000-memory.dmp

            Filesize

            204KB

            Download

          • memory/1104-13-0x0000000000230000-0x0000000000239000-memory.dmp

            Filesize

            36KB

            Download

          • memory/1104-14-0x0000000000230000-0x0000000000239000-memory.dmp

            Filesize

            36KB

            Download

          • memory/1104-31-0x0000000000400000-0x0000000000433000-memory.dmp

            Filesize

            204KB

            Download

          • memory/1260-18-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

            Filesize

            28KB

            Download

          • memory/1260-21-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2972-15-0x0000000000400000-0x0000000000408960-memory.dmp

            Filesize

            34KB

            Download

          • memory/2972-17-0x0000000010000000-0x0000000010013000-memory.dmp

            Filesize

            76KB

            Download

          • memory/2972-30-0x0000000010000000-0x0000000010013000-memory.dmp

            Filesize

            76KB

            Download