Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-02-2024 01:09

General

  • Target

    16cc8f562409e838ef41f1bda9032d21.exe

  • Size

    311KB

  • MD5

    16cc8f562409e838ef41f1bda9032d21

  • SHA1

    cc7a011dca16d0286e0e931e1664e5b77cdc0419

  • SHA256

    91e1154ea3b2f9ee4c00b3678347142c929aeb2c4bd05f705ed19cc2911a5bcc

  • SHA512

    0e72412d1054d3bcec3261dac1c5a839f2a86c6104149bcb9faae74a9150a57d2b759ac0dc26b0c1f0f61908ff3cb46186a5d6dfb71f0af02fd623a611e6dfd9

  • SSDEEP

    3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Drops file in Program Files directory (2 IoCs)
  • Suspicious use of SetWindowsHookEx (8 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\16cc8f562409e838ef41f1bda9032d21.exe
    "C:\Users\Admin\AppData\Local\Temp\16cc8f562409e838ef41f1bda9032d21.exe"
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3272
    • C:\Program Files\German\Italian.exe
      "C:\Program Files\German\Italian.exe" "33201"
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2852

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Program Files\German\Italian.exe

    Filesize

    311KB

    MD5

    cb28779e17fc686e526bd3221bd812c7

    SHA1

    5e7780acf0a26a0d4a24c59b4c7c7213b5c07fb8

    SHA256

    020d660b52adb168d130f12eba8780c564c59fc33170c8ff6b07016d215f2ccf

    SHA512

    f7439bc82f0f15243fef1d8b677514a66bfc7a48c838b36edf6432d354a2532eb90403eb75dafee4ec902709c78adc34832dcd35c4b62418517b684c3ab3d7ae