dded21c3174d5d52bad91316018a1c5ed8edd65406e0a82e791f3d1ff8325129 | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/02/2024, 03:55

Sharing

Report Analysis Logs

General

Target

b11a50ea9ad35ac7974c98c7a74682c2.exe
Size

388KB
MD5

b11a50ea9ad35ac7974c98c7a74682c2
SHA1

b0f0f50ac36f8c884a70acb19ea6f888addf88dd
SHA256

dded21c3174d5d52bad91316018a1c5ed8edd65406e0a82e791f3d1ff8325129
SHA512

ae04088ce63a9a4be7f039d202bc181838f33439877d7024320e416c2e6a3c24b79891bc577d90b04b7baa92128849b6c06c2ebafc7ecf6cbf0ab932f5523c7a
SSDEEP

12288:UplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:QxRQ+Fucuvm0as

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2628	American.exe

Loads dropped DLL 2 IoCs

pid	Process
760	b11a50ea9ad35ac7974c98c7a74682c2.exe
760	b11a50ea9ad35ac7974c98c7a74682c2.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\English\American.exe	b11a50ea9ad35ac7974c98c7a74682c2.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
760	b11a50ea9ad35ac7974c98c7a74682c2.exe
760	b11a50ea9ad35ac7974c98c7a74682c2.exe
760	b11a50ea9ad35ac7974c98c7a74682c2.exe
760	b11a50ea9ad35ac7974c98c7a74682c2.exe
2628	American.exe
2628	American.exe
2628	American.exe
2628	American.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 2628	760	b11a50ea9ad35ac7974c98c7a74682c2.exe	28
PID 760 wrote to memory of 2628	760	b11a50ea9ad35ac7974c98c7a74682c2.exe	28
PID 760 wrote to memory of 2628	760	b11a50ea9ad35ac7974c98c7a74682c2.exe	28
PID 760 wrote to memory of 2628	760	b11a50ea9ad35ac7974c98c7a74682c2.exe	28

C:\Users\Admin\AppData\Local\Temp\b11a50ea9ad35ac7974c98c7a74682c2.exe
"C:\Users\Admin\AppData\Local\Temp\b11a50ea9ad35ac7974c98c7a74682c2.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:760
- C:\Program Files\English\American.exe
  "C:\Program Files\English\American.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Program Files\English\American.exe

Filesize
388KB

MD5
654929bc5099039d62d3a959c97d7102

SHA1
6ce1c445e3cc531412e95083154100f810f9f6e5

SHA256
239364235e31e5f853949e42de14d657d2b0be4cdd99e6154479a62cf5ed46ce

SHA512
b815a4a7a870a125413fe1a978c1be8d55fc99552451b41506239c909f337668bb75f4d0999697f1b2af3bef8af8e577fbea14f69bce9de717368b0ebb3cda2e

Download Submit