Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 05-03-2024 02:46
Static task: static1
Behavioral task: behavioral1
- Sample: b39369b7ec82f688abfefa8040a9508a.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: b39369b7ec82f688abfefa8040a9508a.exe
- Resource: win10v2004-20240226-en
General
- Target: b39369b7ec82f688abfefa8040a9508a.exe
- Size: 38KB
- MD5: b39369b7ec82f688abfefa8040a9508a
- SHA1: e75d8b69c1a7591be07e80b477a3a9bed5c9d49d
- SHA256: bd211ecbb120889ac6cee9b51bd8ca180e8cb19fe32c40cc3f734990b3ef9f9f
- SHA512: eaf74bff7a709ea8d8c9e93128423c62b1cadb193ee5994ca8d8612319e10e277899cf899229bab665a0328219401e3489bb2bbdf0d6cf56392390b26de3baa6
- SSDEEP: 768:zdSqemqpj1O7K+ZO4ZZQsYni6sq7E+UOTy:5reDjpQOcZNYnir1OTy
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  Processes: PID 2968 b39369b7ec82f688abfefa8040a9508a.exe
- Suspicious use of SetThreadContext (1 IoC)
  Processes: PID 2968 (b39369b7ec82f688abfefa8040a9508a.exe) set thread context of PID 2884 (b39369b7ec82f688abfefa8040a9508a.exe)
- Suspicious use of SetWindowsHookEx (1 IoC)
  Processes: PID 2968 b39369b7ec82f688abfefa8040a9508a.exe
- Suspicious use of WriteProcessMemory (8 IoCs)
  Processes: PID 2968 (b39369b7ec82f688abfefa8040a9508a.exe) wrote to memory of PID 2884 (b39369b7ec82f688abfefa8040a9508a.exe), recorded 8 times
Processes
- [1] C:\Users\Admin\AppData\Local\Temp\b39369b7ec82f688abfefa8040a9508a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\b39369b7ec82f688abfefa8040a9508a.exe"
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - [2] child process: C:\Users\Admin\AppData\Local\Temp\b39369b7ec82f688abfefa8040a9508a.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\b39369b7ec82f688abfefa8040a9508a.exe"
Network
MITRE ATT&CK Matrix
Downloads
- \Users\Admin\AppData\Local\Temp\GdDbfFkd6k.log
  Filesize: 10KB
  MD5: 7d302421ec83f28a2446b3773214c247
  SHA1: 4c2b3dbdeecd9afb3e65ced3d6fa2ef33a79dc94
  SHA256: c7b09518fe5100b7909e6f3adc3fcab85394360601809b344339c806298806f5
  SHA512: 6c427dbc26fae36c91d3fcbd88389914036622b8161d7e480c90031ae597e67f7b08aaa10890dfa40f45363d18e6c81b35a7c42dee6ad4aba442c44a05bb55c4
- memory/2884-24-0x0000000000400000-0x0000000000404000-memory.dmp (Filesize: 16KB)
- memory/2884-26-0x0000000000400000-0x0000000000404000-memory.dmp (Filesize: 16KB)
- memory/2884-28-0x0000000000400000-0x0000000000404000-memory.dmp (Filesize: 16KB)
- memory/2884-30-0x0000000000400000-0x0000000000404000-memory.dmp (Filesize: 16KB)
- memory/2884-34-0x0000000000400000-0x0000000000404000-memory.dmp (Filesize: 16KB)
- memory/2884-38-0x0000000000400000-0x0000000000404000-memory.dmp (Filesize: 16KB)
- memory/2884-39-0x0000000000400000-0x0000000000404000-memory.dmp (Filesize: 16KB)
- memory/2968-18-0x0000000000310000-0x0000000000320000-memory.dmp (Filesize: 64KB)
- memory/2968-19-0x0000000000310000-0x0000000000320000-memory.dmp (Filesize: 64KB)