0a4825adbc2a6c3a148eaee202deb8c4d4c5e357824b1d9c3dcb824a6f2f6399 | Triage

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 04:12

Sharing

Report Analysis Logs

General

Target

e49e68796fded179646edc38587d2104.exe
Size

386KB
MD5

e49e68796fded179646edc38587d2104
SHA1

c8d4bba2176abe2944cfc13783e59f12d029bde4
SHA256

0a4825adbc2a6c3a148eaee202deb8c4d4c5e357824b1d9c3dcb824a6f2f6399
SHA512

fff888f111f04b22f3030dad1937475a709d1ef5417e977a0059ed48161ad088808d66bb57d74236fe72d2a87e0f235c7e7fd01b31bb611d35bfd85b07726a8c
SSDEEP

12288:9plrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:fxRQ+Fucuvm0as

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1812	Synthesis.exe

Loads dropped DLL 2 IoCs

pid	Process
2380	e49e68796fded179646edc38587d2104.exe
2380	e49e68796fded179646edc38587d2104.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Multimedia\Synthesis.exe	e49e68796fded179646edc38587d2104.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2380	e49e68796fded179646edc38587d2104.exe
2380	e49e68796fded179646edc38587d2104.exe
2380	e49e68796fded179646edc38587d2104.exe
2380	e49e68796fded179646edc38587d2104.exe
1812	Synthesis.exe
1812	Synthesis.exe
1812	Synthesis.exe
1812	Synthesis.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 1812	2380	e49e68796fded179646edc38587d2104.exe	28
PID 2380 wrote to memory of 1812	2380	e49e68796fded179646edc38587d2104.exe	28
PID 2380 wrote to memory of 1812	2380	e49e68796fded179646edc38587d2104.exe	28
PID 2380 wrote to memory of 1812	2380	e49e68796fded179646edc38587d2104.exe	28

C:\Users\Admin\AppData\Local\Temp\e49e68796fded179646edc38587d2104.exe
"C:\Users\Admin\AppData\Local\Temp\e49e68796fded179646edc38587d2104.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files\Multimedia\Synthesis.exe
  "C:\Program Files\Multimedia\Synthesis.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Program Files\Multimedia\Synthesis.exe

Filesize
387KB

MD5
620d58d4d607d318ce6736499608f6c9

SHA1
214c378e91979ee6b69d3dd2913ee703c907cd31

SHA256
d0d8d034137b89ebf866a646fa3e903f8903fe5693ae90907b359d3ce46a2339

SHA512
bda2a4e3d1eee265d8b39287581555d460a7fb854cb61b9a3fbc458436a62c30e112bc11ab9a6cd8e6eab7842251f6227229df709942fb86b5bb52aa5094761f

Download Submit