Analysis
-
max time kernel
147s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system -
submitted
22-02-2024 01:09
Static task
static1
Behavioral task
behavioral1
Sample
16cc8f562409e838ef41f1bda9032d21.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
16cc8f562409e838ef41f1bda9032d21.exe
Resource
win10v2004-20240221-en
General
-
Target
16cc8f562409e838ef41f1bda9032d21.exe
-
Size
311KB
-
MD5
16cc8f562409e838ef41f1bda9032d21
-
SHA1
cc7a011dca16d0286e0e931e1664e5b77cdc0419
-
SHA256
91e1154ea3b2f9ee4c00b3678347142c929aeb2c4bd05f705ed19cc2911a5bcc
-
SHA512
0e72412d1054d3bcec3261dac1c5a839f2a86c6104149bcb9faae74a9150a57d2b759ac0dc26b0c1f0f61908ff3cb46186a5d6dfb71f0af02fd623a611e6dfd9
-
SSDEEP
3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2852 Italian.exe -
Drops file in Program Files directory 2 IoCs
description    ioc    Process
File created    C:\Program Files\German\Italian.exe    16cc8f562409e838ef41f1bda9032d21.exe
File opened for modification    C:\Program Files\German\Italian.exe    16cc8f562409e838ef41f1bda9032d21.exe
-
Suspicious use of SetWindowsHookEx 8 IoCs
pid    Process
3272    16cc8f562409e838ef41f1bda9032d21.exe
3272    16cc8f562409e838ef41f1bda9032d21.exe
3272    16cc8f562409e838ef41f1bda9032d21.exe
3272    16cc8f562409e838ef41f1bda9032d21.exe
2852    Italian.exe
2852    Italian.exe
2852    Italian.exe
2852    Italian.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description    pid    Process    procid_target
PID 3272 wrote to memory of 2852    3272    16cc8f562409e838ef41f1bda9032d21.exe    84
PID 3272 wrote to memory of 2852    3272    16cc8f562409e838ef41f1bda9032d21.exe    84
PID 3272 wrote to memory of 2852    3272    16cc8f562409e838ef41f1bda9032d21.exe    84
Processes
-
C:\Users\Admin\AppData\Local\Temp\16cc8f562409e838ef41f1bda9032d21.exe "C:\Users\Admin\AppData\Local\Temp\16cc8f562409e838ef41f1bda9032d21.exe" 1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3272 -
C:\Program Files\German\Italian.exe "C:\Program Files\German\Italian.exe" "33201" 2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
311KB
MD5
cb28779e17fc686e526bd3221bd812c7
SHA1
5e7780acf0a26a0d4a24c59b4c7c7213b5c07fb8
SHA256
020d660b52adb168d130f12eba8780c564c59fc33170c8ff6b07016d215f2ccf
SHA512
f7439bc82f0f15243fef1d8b677514a66bfc7a48c838b36edf6432d354a2532eb90403eb75dafee4ec902709c78adc34832dcd35c4b62418517b684c3ab3d7ae