0018aa2c1cc22b7ccd3a03a3bc349ff8aecc9bffd3b22823e33887457da8804a | Triage

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 01:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a1534b1769c900e2c65ec0e1f27a672f.exe
Size

384KB
MD5

a1534b1769c900e2c65ec0e1f27a672f
SHA1

545088b64d4d9daa3b126fd4023687d05abc4fd9
SHA256

0018aa2c1cc22b7ccd3a03a3bc349ff8aecc9bffd3b22823e33887457da8804a
SHA512

3c1217114c355eab2f002ad9cd81a732c48bc9ff077d0fa475c5241d92e737475cffd7cf63ec96130c8b7f5acce05f82918e69d1923f8ad18f811eaa41294d27
SSDEEP

12288:VplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:HxRQ+Fucuvm0as

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2088	several.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Reference\several.exe	a1534b1769c900e2c65ec0e1f27a672f.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4688	a1534b1769c900e2c65ec0e1f27a672f.exe
4688	a1534b1769c900e2c65ec0e1f27a672f.exe
4688	a1534b1769c900e2c65ec0e1f27a672f.exe
4688	a1534b1769c900e2c65ec0e1f27a672f.exe
2088	several.exe
2088	several.exe
2088	several.exe
2088	several.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4688 wrote to memory of 2088	4688	a1534b1769c900e2c65ec0e1f27a672f.exe	90
PID 4688 wrote to memory of 2088	4688	a1534b1769c900e2c65ec0e1f27a672f.exe	90
PID 4688 wrote to memory of 2088	4688	a1534b1769c900e2c65ec0e1f27a672f.exe	90

C:\Users\Admin\AppData\Local\Temp\a1534b1769c900e2c65ec0e1f27a672f.exe
"C:\Users\Admin\AppData\Local\Temp\a1534b1769c900e2c65ec0e1f27a672f.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Program Files\Reference\several.exe
  "C:\Program Files\Reference\several.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Reference\several.exe

Filesize
384KB

MD5
305e7f42ae670aac3039dafa8361c8ef

SHA1
7d2a92937b175c793f1b589a404c828fc429c646

SHA256
b66b2811c0ff8cec09ecfdb19db2af91bcf034bcfe693556175658a46d43ad59

SHA512
d2f79b2de5e173dfc3d7a3294931ce289c3a328c0649a3c84f7023c52dc814493356a006a1046634d839a593c8606f6a9a5fd581bf15a966d3ba8d1eb1b88272

Download Submit