Overview

overview

7

Static

static

1

96d8795ffe...af.exe

windows7-x64

7

96d8795ffe...af.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    12/02/2024, 09:38 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    96d8795ffe1717cf4089bc5b923d3daf.exe

  • Size

    757KB

  • MD5

    96d8795ffe1717cf4089bc5b923d3daf

  • SHA1

    f69cca93cbcab3227136d3fd2bbfe3b2cfbfc336

  • SHA256

    213dd28a7ad6ad623baae755cdaca13f3fd335a6f6c9df5df5d7a628fd558b19

  • SHA512

    44908f2b176dee7b2719efa2e71989d67f030daa1adea2b5af15c497096bde3655c03d25d3d2f88ae2f6b8986ceceb9a879041018bfe7b892a771d4e32ca83c4

  • SSDEEP

    12288:3qcr9sBQzHiMc0usw9E7uTnXBN2p5opOEte9fzz9dunrpONsAozZX1jqJiqMeXnD:a+OYCXbsw9EsG56l0fzZ8rpvASZX1+Jz

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 10 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\96d8795ffe1717cf4089bc5b923d3daf.exe
    "C:\Users\Admin\AppData\Local\Temp\96d8795ffe1717cf4089bc5b923d3daf.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:836
    • C:\Users\Admin\AppData\Local\Temp\setup.exe
      C:\Users\Admin\AppData\Local\Temp\setup.exe relaunch
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2328
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 768
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:2944

Network

  • flag-us
    DNS
    downloads.updatesoftnow.com
    setup.exe
    Remote address:
    8.8.8.8:53
    Request
    downloads.updatesoftnow.com
    IN A
    Response
    downloads.updatesoftnow.com
    IN A
    95.211.219.67
  • 95.211.219.67:80
    downloads.updatesoftnow.com
    setup.exe
    152 B
     3
  • 95.211.219.67:80
    downloads.updatesoftnow.com
    setup.exe
    152 B
     3
  • 95.211.219.67:80
    downloads.updatesoftnow.com
    setup.exe
    152 B
     3
  • 95.211.219.67:80
    downloads.updatesoftnow.com
    setup.exe
    152 B
     3
  • 95.211.219.67:80
    downloads.updatesoftnow.com
    setup.exe
    152 B
     3
  • 95.211.219.67:80
    downloads.updatesoftnow.com
    setup.exe
    152 B
     3
  • 95.211.219.67:80
    downloads.updatesoftnow.com
    setup.exe
    152 B
     3
  • 95.211.219.67:80
    downloads.updatesoftnow.com
    setup.exe
    152 B
     3
  • 95.211.219.67:80
    downloads.updatesoftnow.com
    setup.exe
    152 B
     3
  • 95.211.219.67:80
    downloads.updatesoftnow.com
    setup.exe
    152 B
     3
  • 8.8.8.8:53
    downloads.updatesoftnow.com
    dns
    setup.exe
    73 B
     89 B
     1
    1

    DNS Request

    downloads.updatesoftnow.com

    DNS Response

    95.211.219.67

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\setup.exe
    Filesize

    757KB

    MD5

    96d8795ffe1717cf4089bc5b923d3daf

    SHA1

    f69cca93cbcab3227136d3fd2bbfe3b2cfbfc336

    SHA256

    213dd28a7ad6ad623baae755cdaca13f3fd335a6f6c9df5df5d7a628fd558b19

    SHA512

    44908f2b176dee7b2719efa2e71989d67f030daa1adea2b5af15c497096bde3655c03d25d3d2f88ae2f6b8986ceceb9a879041018bfe7b892a771d4e32ca83c4

    Download Submit

  • memory/836-10-0x0000000002520000-0x000000000278F000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/836-4-0x0000000002520000-0x000000000278F000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/836-0-0x0000000000400000-0x000000000066F000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/836-9-0x0000000000400000-0x000000000066F000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2328-11-0x0000000000400000-0x000000000066F000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2328-7-0x0000000000400000-0x000000000066F000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2328-12-0x0000000000400000-0x000000000066F000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2328-15-0x0000000000400000-0x000000000066F000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2328-17-0x0000000000400000-0x000000000066F000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2328-19-0x0000000000400000-0x000000000066F000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2328-21-0x0000000000400000-0x000000000066F000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2328-32-0x0000000000400000-0x000000000066F000-memory.dmp

    Filesize

    2.4MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.