049062670d153e1f3afb65153f78c7d528793ab14b3d7b479615ee6300a9921b | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
21-02-2024 01:27

Sharing

Report Analysis Logs

General

Target

19c8b9ca37d78e10ecf91ecf1119eddb.exe
Size

427KB
MD5

19c8b9ca37d78e10ecf91ecf1119eddb
SHA1

3787616c1db7e1787774abdd08b402700af0175f
SHA256

049062670d153e1f3afb65153f78c7d528793ab14b3d7b479615ee6300a9921b
SHA512

f7008bedea2437b0b3032cc4521624ddc02b20460a6337f25163ec5d670402d767628c6b7cb3ea4257bfdeca545aacd97869c181f6966ca80c046d6824fca0b7
SSDEEP

12288:KplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:mxRQ+Fucuvm0as

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3012	Standard.exe

Loads dropped DLL 2 IoCs

pid	Process
2512	19c8b9ca37d78e10ecf91ecf1119eddb.exe
2512	19c8b9ca37d78e10ecf91ecf1119eddb.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Version\Standard.exe	19c8b9ca37d78e10ecf91ecf1119eddb.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2512	19c8b9ca37d78e10ecf91ecf1119eddb.exe
2512	19c8b9ca37d78e10ecf91ecf1119eddb.exe
2512	19c8b9ca37d78e10ecf91ecf1119eddb.exe
2512	19c8b9ca37d78e10ecf91ecf1119eddb.exe
3012	Standard.exe
3012	Standard.exe
3012	Standard.exe
3012	Standard.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 3012	2512	19c8b9ca37d78e10ecf91ecf1119eddb.exe	28
PID 2512 wrote to memory of 3012	2512	19c8b9ca37d78e10ecf91ecf1119eddb.exe	28
PID 2512 wrote to memory of 3012	2512	19c8b9ca37d78e10ecf91ecf1119eddb.exe	28
PID 2512 wrote to memory of 3012	2512	19c8b9ca37d78e10ecf91ecf1119eddb.exe	28

C:\Users\Admin\AppData\Local\Temp\19c8b9ca37d78e10ecf91ecf1119eddb.exe
"C:\Users\Admin\AppData\Local\Temp\19c8b9ca37d78e10ecf91ecf1119eddb.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Program Files\Version\Standard.exe
  "C:\Program Files\Version\Standard.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Program Files\Version\Standard.exe

Filesize
427KB

MD5
2d09033a228b54a13f45bc42032b149a

SHA1
5cba3dc9ad592c6704b23ebec2bf63e98f227545

SHA256
86a9a36e95e2a98a6c25d1f12d321c248cba9cbc7144cdd1632adc598ace0585

SHA512
bd2221cd8395c6d4330d321e0b111e6915b0fb6b5dfc24ccfbb8fda06b0b10ff0d664578da14f230eab5c58ce64e74025152977fc40583bafb151facf35e1b05

Download Submit