b32e99e981523dc367b400352de5a13930171675d3d5f8e83a6d7ab3e2689144

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 06:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e6613a2564e99d98781a795f4cc57ce.exe
Size

16KB
MD5

8e6613a2564e99d98781a795f4cc57ce
SHA1

2e29210e55235f5a9a5b8c0120b9682c08318465
SHA256

b32e99e981523dc367b400352de5a13930171675d3d5f8e83a6d7ab3e2689144
SHA512

89db3fccc2bb4c5fda977068b7d74cf7f8561c741bec87ded905888c7d4e664896346b7fcabea59e869dbefd5bafc239b85294b800fcc9b2bf241b931af2458a
SSDEEP

384:cfWuKW6z/JB2vDlmZ6mZl34LXL96/6/ZJxtF3M9FFUl8NIK:LjJB2pfV6/6hJxtef7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1796	ODBCJET.exe
2148	ODBCJET.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ODBCJET.exe	8e6613a2564e99d98781a795f4cc57ce.exe
File opened for modification	C:\Windows\SysWOW64\ODBCJET.exe	8e6613a2564e99d98781a795f4cc57ce.exe
File created	C:\Windows\SysWOW64\ODBCJET.exe	ODBCJET.exe
File created	C:\Windows\SysWOW64\Del.bat	ODBCJET.exe
File opened for modification	C:\Windows\SysWOW64\Del.bat	8e6613a2564e99d98781a795f4cc57ce.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3604	8e6613a2564e99d98781a795f4cc57ce.exe
1796	ODBCJET.exe
2148	ODBCJET.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3604 wrote to memory of 1796	3604	8e6613a2564e99d98781a795f4cc57ce.exe	86
PID 3604 wrote to memory of 1796	3604	8e6613a2564e99d98781a795f4cc57ce.exe	86
PID 3604 wrote to memory of 1796	3604	8e6613a2564e99d98781a795f4cc57ce.exe	86
PID 1796 wrote to memory of 2148	1796	ODBCJET.exe	87
PID 1796 wrote to memory of 2148	1796	ODBCJET.exe	87
PID 1796 wrote to memory of 2148	1796	ODBCJET.exe	87
PID 1796 wrote to memory of 1912	1796	ODBCJET.exe	91
PID 1796 wrote to memory of 1912	1796	ODBCJET.exe	91
PID 1796 wrote to memory of 1912	1796	ODBCJET.exe	91
PID 3604 wrote to memory of 3680	3604	8e6613a2564e99d98781a795f4cc57ce.exe	90
PID 3604 wrote to memory of 3680	3604	8e6613a2564e99d98781a795f4cc57ce.exe	90
PID 3604 wrote to memory of 3680	3604	8e6613a2564e99d98781a795f4cc57ce.exe	90

C:\Users\Admin\AppData\Local\Temp\8e6613a2564e99d98781a795f4cc57ce.exe
"C:\Users\Admin\AppData\Local\Temp\8e6613a2564e99d98781a795f4cc57ce.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3604
- C:\Windows\SysWOW64\ODBCJET.exe
  C:\Windows\system32\ODBCJET.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1796
- - C:\Windows\SysWOW64\ODBCJET.exe
    C:\Windows\system32\ODBCJET.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2148
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Windows\system32\Del.bat
    3⤵
    PID:1912
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\system32\Del.bat
  2⤵
  PID:3680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Del.bat

Filesize
127B

MD5
953323bac5967263d8924b1f07c45fc1

SHA1
43880a8bef7b40e2e171ff1171b8ecec4064a921

SHA256
fb77476faf64748b6d7c2269a1455bbbd4ca44bc723552b7ec03682506767a97

SHA512
552b3a6aa2429983f3f9253b59aec74d4ef9dd7ed42749fb0b0297d9ff41f74115bccd96759545ebc228c71e91bb9e837d0ac41ac93f5052639b6fddebd62e22

Download Submit
C:\Windows\SysWOW64\ODBCJET.exe

Filesize
16KB

MD5
8e6613a2564e99d98781a795f4cc57ce

SHA1
2e29210e55235f5a9a5b8c0120b9682c08318465

SHA256
b32e99e981523dc367b400352de5a13930171675d3d5f8e83a6d7ab3e2689144

SHA512
89db3fccc2bb4c5fda977068b7d74cf7f8561c741bec87ded905888c7d4e664896346b7fcabea59e869dbefd5bafc239b85294b800fcc9b2bf241b931af2458a

Download Submit
memory/1796-10-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1796-9-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1796-24-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2148-15-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2148-14-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2148-23-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3604-0-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3604-1-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3604-25-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads