59c89afa4002f8bd19b7779de57f0bd6e166d8d50089bdcef2932bcf5fe69924

General

Target

9860b7bde0f219d2fdc832b556bb70e2.exe
Size

92KB
MD5

9860b7bde0f219d2fdc832b556bb70e2
SHA1

362c4ec036cb8297a942ce68604e2c68b3b42cd5
SHA256

59c89afa4002f8bd19b7779de57f0bd6e166d8d50089bdcef2932bcf5fe69924
SHA512

bd1a2984947cabd442c2d428b09dc337c00a4d63ece5347345daa742d55775bb625fcc53035cc92148a417471f5877af880c413d05b683f36c53887949f74fe2
SSDEEP

768:c0TurnKp5jqKdUcCyDMgs/Osp3rYRkUoszQT022UNyjG6sGmM2g:hUntKOcCyDMgU/PO+y66sVp

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2016	ODBCJET.exe
2376	ODBCJET.exe

Loads dropped DLL 4 IoCs

pid	Process
2932	9860b7bde0f219d2fdc832b556bb70e2.exe
2932	9860b7bde0f219d2fdc832b556bb70e2.exe
2016	ODBCJET.exe
2016	ODBCJET.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ODBCJET.exe	9860b7bde0f219d2fdc832b556bb70e2.exe
File opened for modification	C:\Windows\SysWOW64\ODBCJET.exe	9860b7bde0f219d2fdc832b556bb70e2.exe
File created	C:\Windows\SysWOW64\ODBCJET.exe	ODBCJET.exe
File created	C:\Windows\SysWOW64\Del.bat	ODBCJET.exe
File created	C:\Windows\SysWOW64\Del.bat	9860b7bde0f219d2fdc832b556bb70e2.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2932	9860b7bde0f219d2fdc832b556bb70e2.exe
2016	ODBCJET.exe
2376	ODBCJET.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2016	2932	9860b7bde0f219d2fdc832b556bb70e2.exe	22
PID 2932 wrote to memory of 2016	2932	9860b7bde0f219d2fdc832b556bb70e2.exe	22
PID 2932 wrote to memory of 2016	2932	9860b7bde0f219d2fdc832b556bb70e2.exe	22
PID 2932 wrote to memory of 2016	2932	9860b7bde0f219d2fdc832b556bb70e2.exe	22
PID 2016 wrote to memory of 2376	2016	ODBCJET.exe	21
PID 2016 wrote to memory of 2376	2016	ODBCJET.exe	21
PID 2016 wrote to memory of 2376	2016	ODBCJET.exe	21
PID 2016 wrote to memory of 2376	2016	ODBCJET.exe	21
PID 2016 wrote to memory of 3044	2016	ODBCJET.exe	20
PID 2016 wrote to memory of 3044	2016	ODBCJET.exe	20
PID 2016 wrote to memory of 3044	2016	ODBCJET.exe	20
PID 2016 wrote to memory of 3044	2016	ODBCJET.exe	20
PID 2932 wrote to memory of 2240	2932	9860b7bde0f219d2fdc832b556bb70e2.exe	18
PID 2932 wrote to memory of 2240	2932	9860b7bde0f219d2fdc832b556bb70e2.exe	18
PID 2932 wrote to memory of 2240	2932	9860b7bde0f219d2fdc832b556bb70e2.exe	18
PID 2932 wrote to memory of 2240	2932	9860b7bde0f219d2fdc832b556bb70e2.exe	18

C:\Users\Admin\AppData\Local\Temp\9860b7bde0f219d2fdc832b556bb70e2.exe
"C:\Users\Admin\AppData\Local\Temp\9860b7bde0f219d2fdc832b556bb70e2.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\system32\Del.bat
  2⤵
  PID:2240
- C:\Windows\SysWOW64\ODBCJET.exe
  C:\Windows\system32\ODBCJET.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2016

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Windows\system32\Del.bat
1⤵
PID:3044

C:\Windows\SysWOW64\ODBCJET.exe
C:\Windows\system32\ODBCJET.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Del.bat

Filesize
88B

MD5
35096dad5f1b48782d35698a1d042533

SHA1
7de420563facc9a68325ce5ef049f6d018751ad0

SHA256
dd339d5316a73d8a89487209e673f03ac5475bd149e6b13dc7f73c743bd3338e

SHA512
e156e6384bc7f5e3bedeae8fee177e0b31e921c78d47271519875565c053ff0aeced47b84965bdfe5e30ea1adb2c7920e4a0acf6de5fb966cc064d27e993244b

Download Submit
C:\Windows\SysWOW64\ODBCJET.exe

Filesize
31KB

MD5
5c8e3454f0948d694c589b3dfa2c95b6

SHA1
7723f58b54593acd093ebb679cce17cbb2b0a220

SHA256
5266f3a3623cc34b93761a26794f3f5ec32430f6dc6bdafcbcc267b53fe0c479

SHA512
aa20542b2882007029351a15c9d53d9cc92d06f72b1426b53fec47f38b8845a9f25e8b0bbc601782c2e8643ca9f6c9d720179976d9e65d9ab68f4ec764fdab5d

Download Submit
C:\Windows\SysWOW64\ODBCJET.exe

Filesize
1KB

MD5
02765ddef09956060730e3e710c31f09

SHA1
e10b262f9db7f7b1ec4ab183ce396e967a77a1c4

SHA256
39ac70c6821a563fb05cd7d081054592edc051913ecf0e63d59d33571013f880

SHA512
aab8a0662290d7ed33a717cd6e255980ca6babc99255ca817434132bd695dde99ed708a702094469d2aa4a2ee935222773e55a9f3b2c02c270f37284f8c60a77

Download Submit
C:\Windows\SysWOW64\ODBCJET.exe

Filesize
23KB

MD5
c3f1ce09c686e0845a674773f3ddf618

SHA1
388217ddc6a0fb3cd3ac6ba80aa871713c414b5b

SHA256
80b7b5584503883361e4b4d52aad0155b801b449bde0963c7456041947c5a92c

SHA512
68169aba54fe31a1068088b7b91bbf71353aff1fa9dcbc86b9397644fb5ec42f8de629562067c4b6b01fe0e98e9dbdb04623044d48c0ee455bc31296c7057afc

Download Submit
\Windows\SysWOW64\ODBCJET.exe

Filesize
92KB

MD5
9860b7bde0f219d2fdc832b556bb70e2

SHA1
362c4ec036cb8297a942ce68604e2c68b3b42cd5

SHA256
59c89afa4002f8bd19b7779de57f0bd6e166d8d50089bdcef2932bcf5fe69924

SHA512
bd1a2984947cabd442c2d428b09dc337c00a4d63ece5347345daa742d55775bb625fcc53035cc92148a417471f5877af880c413d05b683f36c53887949f74fe2

Download Submit
\Windows\SysWOW64\ODBCJET.exe

Filesize
35KB

MD5
9e25fd06403fd3025d99b53d237eb7ad

SHA1
da7176be5c749c429899ab96e5b1cc3627302132

SHA256
26eb310127812f020ca8de9312220c374428d229fd792a458ff40608ce1d4c78

SHA512
5ae026049ce1751e5d5e2621359c408f7548bc2b8c49783a6e602bd9e4eb3bf1458c3e6c5207529b221b4ac0e75b0e8a2ac52f3ddecc5c551a7598d46c182828

Download Submit
\Windows\SysWOW64\ODBCJET.exe

Filesize
16KB

MD5
024e97e4c633a24f529e0cc95483970f

SHA1
39f806dbcc57ce31ffeb42f6507d0f8dcabccda6

SHA256
d1a787f991da9ef2bd9d13b6503416a7f4d89a17b64b1b24332b6f36f3804565

SHA512
c54e197ee1d3d79800b2ce50e875bab8df4d0529c2c43dca3cb94c1bb57be2f75d61981394397c98298be25ba4e61bf09cbd774107263632d5c22b7633f80391

Download Submit
\Windows\SysWOW64\ODBCJET.exe

Filesize
68KB

MD5
96107b4d7b9c5d44c9924763e372f2e3

SHA1
769326dc6574966adac4c5edba62495b2454f50e

SHA256
bd6f9927176d98aefe250d7476624e769b4d1e4e17a1d2cc4fc7f424c884004c

SHA512
ad871f9ddfbe242ebaa964636bcd54559957cadd7d9029f8a3b366f46bb3de944fae8f1473638daee730fa1d2cc76a2d44fa472eb8ddefb38e08a885a9a2ab2c

Download Submit

Analysis

Sharing