37d5281ba71c14a37b03968ccda7a272d6e4cc0a12c91c4d873f8a834794ccef

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 08:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab717f40cdee1c76156c49f9e51bdbd4.exe
Size

197KB
MD5

ab717f40cdee1c76156c49f9e51bdbd4
SHA1

61976a5cd8570f641e5f3ba64b680d4d4d4617cb
SHA256

37d5281ba71c14a37b03968ccda7a272d6e4cc0a12c91c4d873f8a834794ccef
SHA512

d7917372f37d1c2cb8fef43e1aff6fc189a48c5dc0882e1d39a4cbfaaca23cf902d2663d824bba6748b2e309fc49b5ebc69d516881c8b3dd3df6a27f74e8f23b
SSDEEP

3072:AgcGikULtf5TJWkKxHDnEpY9k2VSO7PKQbu0UYgFZIYxZ4txSMcqEEeKvV3w:HwLtf5Q5Ff9zVSoPKQbiYXYexDwE7w

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2792	tasklist32.exe
2628	tasklist32.exe

Loads dropped DLL 4 IoCs

pid	Process
2828	ab717f40cdee1c76156c49f9e51bdbd4.exe
2828	ab717f40cdee1c76156c49f9e51bdbd4.exe
2792	tasklist32.exe
2792	tasklist32.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\SysWOW64\tasklist32.exe	ab717f40cdee1c76156c49f9e51bdbd4.exe
File opened for modification	\??\c:\windows\SysWOW64\tasklist32.exe	ab717f40cdee1c76156c49f9e51bdbd4.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2828	ab717f40cdee1c76156c49f9e51bdbd4.exe
2792	tasklist32.exe
2628	tasklist32.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 2792	2828	ab717f40cdee1c76156c49f9e51bdbd4.exe	28
PID 2828 wrote to memory of 2792	2828	ab717f40cdee1c76156c49f9e51bdbd4.exe	28
PID 2828 wrote to memory of 2792	2828	ab717f40cdee1c76156c49f9e51bdbd4.exe	28
PID 2828 wrote to memory of 2792	2828	ab717f40cdee1c76156c49f9e51bdbd4.exe	28
PID 2792 wrote to memory of 2628	2792	tasklist32.exe	29
PID 2792 wrote to memory of 2628	2792	tasklist32.exe	29
PID 2792 wrote to memory of 2628	2792	tasklist32.exe	29
PID 2792 wrote to memory of 2628	2792	tasklist32.exe	29

C:\Users\Admin\AppData\Local\Temp\ab717f40cdee1c76156c49f9e51bdbd4.exe
"C:\Users\Admin\AppData\Local\Temp\ab717f40cdee1c76156c49f9e51bdbd4.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2828
- \??\c:\windows\SysWOW64\tasklist32.exe
  c:\windows\system32\tasklist32.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2792
- - \??\c:\windows\SysWOW64\tasklist32.exe
    c:\windows\system32\tasklist32.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\tasklist32.exe

Filesize
197KB

MD5
ab717f40cdee1c76156c49f9e51bdbd4

SHA1
61976a5cd8570f641e5f3ba64b680d4d4d4617cb

SHA256
37d5281ba71c14a37b03968ccda7a272d6e4cc0a12c91c4d873f8a834794ccef

SHA512
d7917372f37d1c2cb8fef43e1aff6fc189a48c5dc0882e1d39a4cbfaaca23cf902d2663d824bba6748b2e309fc49b5ebc69d516881c8b3dd3df6a27f74e8f23b

Download Submit
memory/2628-28-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2628-24-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2792-25-0x0000000002850000-0x0000000002A7A000-memory.dmp

Filesize
2.2MB

Download
memory/2792-32-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2792-31-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2792-15-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2792-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2792-22-0x0000000002850000-0x0000000002A7A000-memory.dmp

Filesize
2.2MB

Download
memory/2828-7-0x0000000002A70000-0x0000000002C9A000-memory.dmp

Filesize
2.2MB

Download
memory/2828-13-0x0000000002A70000-0x0000000002C9A000-memory.dmp

Filesize
2.2MB

Download
memory/2828-30-0x0000000002A70000-0x0000000002C9A000-memory.dmp

Filesize
2.2MB

Download
memory/2828-29-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2828-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2828-1-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download