934fac70a451afcce0b5d083c6d4de689b46717e1d4b4425d75179e09ac73992

Analysis

max time kernel
154s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2024, 07:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malwarebytes.Premium-3.8.3.2965.exe
Size

62.8MB
MD5

d3c545e7304eb768d0a63a2e85d09e09
SHA1

5cd0f4753075a0523f23309d1e638d6bac384044
SHA256

934fac70a451afcce0b5d083c6d4de689b46717e1d4b4425d75179e09ac73992
SHA512

c1f63bf2f5af3c0c6a29769df604cd01bd442607a62e0953d5dfffb5810c6885728c3f2dc5f284355cfff29789524ffca0f0b623add753b5be0ef8b9d472c61b
SSDEEP

1572864:73dmJkylTRJ8apG9uYb//XmBvvfdLlmGBoQUzYHjwHr/vGDA1V:TUJkETRJ8aI5/+Bv3dLlQdzY8jeDA1V

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4708	Malwarebytes.Premium-3.8.3.2965.tmp

Loads dropped DLL 4 IoCs

pid	Process
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp
4708	Malwarebytes.Premium-3.8.3.2965.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 4708	4736	Malwarebytes.Premium-3.8.3.2965.exe	88
PID 4736 wrote to memory of 4708	4736	Malwarebytes.Premium-3.8.3.2965.exe	88
PID 4736 wrote to memory of 4708	4736	Malwarebytes.Premium-3.8.3.2965.exe	88

C:\Users\Admin\AppData\Local\Temp\Malwarebytes.Premium-3.8.3.2965.exe
"C:\Users\Admin\AppData\Local\Temp\Malwarebytes.Premium-3.8.3.2965.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Users\Admin\AppData\Local\Temp\is-SNB94.tmp\Malwarebytes.Premium-3.8.3.2965.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-SNB94.tmp\Malwarebytes.Premium-3.8.3.2965.tmp" /SL5="$A0064,65543580,64512,C:\Users\Admin\AppData\Local\Temp\Malwarebytes.Premium-3.8.3.2965.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-MSNNN.tmp\ISTask.dll

Filesize
66KB

MD5
86a1311d51c00b278cb7f27796ea442e

SHA1
ac08ac9d08f8f5380e2a9a65f4117862aa861a19

SHA256
e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

SHA512
129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MSNNN.tmp\VclStylesInno.dll

Filesize
2.8MB

MD5
7a61c2a5e3dee24661554a8561bd2ebc

SHA1
113ce50ba31b960dff3b1b8bc9704f1ece38a262

SHA256
fc2dbda0d6bafc6a926ee1b14c88f051cd167d8b0917d521cb794505b7e4cc60

SHA512
b1887019c26270b737634453f5e9c394c162a90275b4796dd546302c8690d66d7670df5e68cd23efa4fff4385af73db32d4f6935aceb63adcfb212dd401c2157

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MSNNN.tmp\VclStylesInno.dll

Filesize
2.8MB

MD5
c6e89aaf38c0eca06edf054a92b329f5

SHA1
6d584f8dd182fed9ed914649dafd79f7c923e40f

SHA256
30f2dfd34fc0ea3e58a1269a59e6144dae975b85bae1afd33159686cf4c9bb72

SHA512
508b86a35333f0922a068221c51f991b8cdb712b38bc91c37756ef17967bebf073a34821786f86f781a1d5906d6b3895ea6f7f23ba5be0a739cccb43281c208b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SNB94.tmp\Malwarebytes.Premium-3.8.3.2965.tmp

Filesize
911KB

MD5
744ba0c4c46a9f427fb5fa7130af7425

SHA1
fcf822dab74a09e85bb0492ce4af54bf4d76774c

SHA256
a4140458fb82c7cccebfa875b11ef3e423f24d35d2f34db3d124e5fae3a9d4e4

SHA512
92fb67fa9967840d343f88c2521f99248deb12f97bbef170df212a52799068acc9cbe7d3d93f21365c790460faf1d817e6d344921651dd0ec5bd5f78c8b7a0a0

Download Submit
memory/4708-52-0x00000000079E0000-0x00000000079E1000-memory.dmp

Filesize
4KB

Download
memory/4708-57-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-23-0x00000000074E0000-0x00000000077FA000-memory.dmp

Filesize
3.1MB

Download
memory/4708-25-0x0000000007950000-0x0000000007951000-memory.dmp

Filesize
4KB

Download
memory/4708-26-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-27-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-28-0x0000000007960000-0x0000000007961000-memory.dmp

Filesize
4KB

Download
memory/4708-29-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-30-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-31-0x0000000007970000-0x0000000007971000-memory.dmp

Filesize
4KB

Download
memory/4708-32-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-33-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-34-0x0000000007980000-0x0000000007981000-memory.dmp

Filesize
4KB

Download
memory/4708-35-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-36-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-37-0x0000000007990000-0x0000000007991000-memory.dmp

Filesize
4KB

Download
memory/4708-38-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-39-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-41-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-40-0x00000000079A0000-0x00000000079A1000-memory.dmp

Filesize
4KB

Download
memory/4708-42-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-43-0x00000000079B0000-0x00000000079B1000-memory.dmp

Filesize
4KB

Download
memory/4708-44-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-45-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-46-0x00000000079C0000-0x00000000079C1000-memory.dmp

Filesize
4KB

Download
memory/4708-47-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-48-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-49-0x00000000079D0000-0x00000000079D1000-memory.dmp

Filesize
4KB

Download
memory/4708-50-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-51-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-53-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-54-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-6-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/4708-59-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-17-0x00000000072B0000-0x00000000072C6000-memory.dmp

Filesize
88KB

Download
memory/4708-56-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-55-0x00000000079F0000-0x00000000079F1000-memory.dmp

Filesize
4KB

Download
memory/4708-61-0x0000000007A10000-0x0000000007A11000-memory.dmp

Filesize
4KB

Download
memory/4708-58-0x0000000007A00000-0x0000000007A01000-memory.dmp

Filesize
4KB

Download
memory/4708-62-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-60-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-63-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-64-0x0000000007A20000-0x0000000007A21000-memory.dmp

Filesize
4KB

Download
memory/4708-65-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-66-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-67-0x0000000007A30000-0x0000000007A31000-memory.dmp

Filesize
4KB

Download
memory/4708-68-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-69-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-71-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-72-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-70-0x0000000007A40000-0x0000000007A41000-memory.dmp

Filesize
4KB

Download
memory/4708-73-0x0000000007A50000-0x0000000007A51000-memory.dmp

Filesize
4KB

Download
memory/4708-74-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-75-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-76-0x0000000007A60000-0x0000000007A61000-memory.dmp

Filesize
4KB

Download
memory/4708-77-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-78-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-79-0x0000000007A70000-0x0000000007A71000-memory.dmp

Filesize
4KB

Download
memory/4708-81-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-82-0x0000000007A80000-0x0000000007A81000-memory.dmp

Filesize
4KB

Download
memory/4708-83-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-80-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-84-0x0000000007800000-0x0000000007940000-memory.dmp

Filesize
1.2MB

Download
memory/4708-87-0x00000000073D0000-0x00000000073D1000-memory.dmp

Filesize
4KB

Download
memory/4708-100-0x00000000073D0000-0x00000000073D1000-memory.dmp

Filesize
4KB

Download
memory/4708-99-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/4736-94-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4736-2-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4736-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download