8419906cd2df2dc0406be115fa13d1815469dd8a55dfb8962c6d2924b74551dc

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d01e623f6c8fe01f97b05317597bd1f.exe
Size

5.2MB
MD5

8d01e623f6c8fe01f97b05317597bd1f
SHA1

dcd1bc58c59b64852f115f350cbcf082f949733c
SHA256

8419906cd2df2dc0406be115fa13d1815469dd8a55dfb8962c6d2924b74551dc
SHA512

fa3f5ddcbbb91d5391e8c16c2114235e5fd4fe8b8baf6f72e22e57dd1160da28cb0b340d87769deb9eabd6a2986569a77b23f278bc2850776f915aad7dc15cb2
SSDEEP

49152:EQFRHrmQG+yrY+FrBQG+aBQG+9QG+yrnrmQG+yrkQG+ygBQG+aBQIrmQG+yrY+F9:EcKHzs24MzWHzsc

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1196	z.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1196	z.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1196	z.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1196	z.exe
1196	z.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 1196	4968	8d01e623f6c8fe01f97b05317597bd1f.exe	88
PID 4968 wrote to memory of 1196	4968	8d01e623f6c8fe01f97b05317597bd1f.exe	88
PID 4968 wrote to memory of 1196	4968	8d01e623f6c8fe01f97b05317597bd1f.exe	88

C:\Users\Admin\AppData\Local\Temp\8d01e623f6c8fe01f97b05317597bd1f.exe
"C:\Users\Admin\AppData\Local\Temp\8d01e623f6c8fe01f97b05317597bd1f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Users\Admin\AppData\Local\Temp\z.exe
  C:\Users\Admin\AppData\Local\Temp\z.exe -run C:\Users\Admin\AppData\Local\Temp\8d01e623f6c8fe01f97b05317597bd1f.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\z.exe

Filesize
1.4MB

MD5
2743c69882367cd0f100aed7b1ce1569

SHA1
e7e383419a0819c3b078692a1d211cd538a00da9

SHA256
43ab423e64b3e100e2f34cdbb4691a81100855238948aee9d94c551b58efa47a

SHA512
d8f662ce359328ba3627208a50f4b9d51062a447dd8808017693d058f1159f5e8b23995d9fbe2c991cc0ead920062aec94534b1c1904342642b9cfa60ecaf752

Download Submit
C:\Users\Admin\AppData\Local\Temp\z.exe

Filesize
1.8MB

MD5
77a78cc89f78eb9df9985853635204d7

SHA1
80d7312fbfed28384bc3b2ca28f73121ed2b690c

SHA256
e9f5176b688fd2a157ea9a1e998dcfd35bbaee73a7fad79971191054647d8ae9

SHA512
4062759876346fd76e6972bfd761792441cb726f9827679b04af239c1365771b303782f96eee15b5a25ec92fe96fb78da58107f029584f4d1f337cece15092b3

Download Submit
memory/1196-67-0x0000000002CA0000-0x0000000002CA1000-memory.dmp

Filesize
4KB

Download
memory/1196-66-0x0000000002010000-0x0000000002011000-memory.dmp

Filesize
4KB

Download
memory/1196-38-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-81-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1196-45-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-46-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-47-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-53-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-54-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-57-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/1196-56-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-58-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/1196-60-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/1196-61-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/1196-62-0x0000000002D00000-0x0000000002D01000-memory.dmp

Filesize
4KB

Download
memory/1196-63-0x0000000002D10000-0x0000000002D11000-memory.dmp

Filesize
4KB

Download
memory/1196-65-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download
memory/1196-64-0x0000000002C70000-0x0000000002C71000-memory.dmp

Filesize
4KB

Download
memory/1196-68-0x0000000002C90000-0x0000000002C91000-memory.dmp

Filesize
4KB

Download
memory/1196-59-0x0000000002090000-0x00000000020E0000-memory.dmp

Filesize
320KB

Download
memory/1196-55-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-48-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-51-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-52-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-50-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-40-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-30-0x0000000002C50000-0x0000000002C56000-memory.dmp

Filesize
24KB

Download
memory/1196-31-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-36-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-37-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-35-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-34-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-44-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-41-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-49-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-39-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-33-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-32-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-42-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/1196-43-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/4968-7-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/4968-8-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/4968-28-0x0000000002D90000-0x0000000002D96000-memory.dmp

Filesize
24KB

Download
memory/4968-20-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/4968-22-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/4968-25-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/4968-26-0x00000000022D0000-0x0000000002320000-memory.dmp

Filesize
320KB

Download
memory/4968-27-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/4968-1-0x00000000022D0000-0x0000000002320000-memory.dmp

Filesize
320KB

Download
memory/4968-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/4968-18-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4968-5-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/4968-29-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/4968-24-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/4968-13-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/4968-16-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/4968-15-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/4968-14-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/4968-17-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/4968-12-0x0000000002DA0000-0x0000000002DA2000-memory.dmp

Filesize
8KB

Download
memory/4968-9-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/4968-10-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/4968-4-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/4968-3-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/4968-2-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/4968-6-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download