ccd8a0432a1139de7637524d5039c2cd8d9bfc927d12edffc01c10e9d69a0857

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 08:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6ff7010adef1ce8a00f569bdc07bdb1.exe
Size

9.7MB
MD5

b6ff7010adef1ce8a00f569bdc07bdb1
SHA1

467dda1fd77cc5b05f2ac199da932d5d2f64b277
SHA256

ccd8a0432a1139de7637524d5039c2cd8d9bfc927d12edffc01c10e9d69a0857
SHA512

7da9417a7de2dc7b2ee3cf429fe7d76de474b2fe58c1fb1ed85c8e07110e77ab048a08a679358060c116f3be5f40cf12c7aa02a7a9cdb38b997a426022c0efa6
SSDEEP

49152:EQFRHrmQG+yrY+FrNQFRHrZyrY+FrNQFRHrlGls+FrNQFRHrZyrY+FrNQFRH9rYL:EcKvcocococ1c6cocHcoc1c6cQc1cK

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4708	eqp.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4708	eqp.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4708	eqp.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4708	eqp.exe
4708	eqp.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 4708	1452	b6ff7010adef1ce8a00f569bdc07bdb1.exe	88
PID 1452 wrote to memory of 4708	1452	b6ff7010adef1ce8a00f569bdc07bdb1.exe	88
PID 1452 wrote to memory of 4708	1452	b6ff7010adef1ce8a00f569bdc07bdb1.exe	88

C:\Users\Admin\AppData\Local\Temp\b6ff7010adef1ce8a00f569bdc07bdb1.exe
"C:\Users\Admin\AppData\Local\Temp\b6ff7010adef1ce8a00f569bdc07bdb1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Users\Admin\AppData\Local\Temp\eqp.exe
  C:\Users\Admin\AppData\Local\Temp\eqp.exe -run C:\Users\Admin\AppData\Local\Temp\b6ff7010adef1ce8a00f569bdc07bdb1.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\eqp.exe

Filesize
12.2MB

MD5
faa88e43c0e5a3daf18ba47f0d2d7042

SHA1
48d99bcf3f8529006fbbcdc9f94337aff14b2bc3

SHA256
a07c70ec49b5e8af77c015d6925d9a1a6cd82a49730cdf519ef98f874491f2bb

SHA512
d18232efc29f9bb2a382cdad783246c02f60306fa30398cd18453cc0e6c63e5420224d0921bab89a35f9f69958b71fc4c0030bf9886f9bee126cdba3f7a30fbc

Download Submit
memory/1452-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1452-1-0x0000000002310000-0x0000000002360000-memory.dmp

Filesize
320KB

Download
memory/1452-2-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/1452-3-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/1452-4-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/1452-5-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1452-6-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/1452-7-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/1452-8-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/1452-9-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/1452-10-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/1452-11-0x0000000002DA0000-0x0000000002DA2000-memory.dmp

Filesize
8KB

Download
memory/1452-12-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/1452-13-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/1452-14-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/1452-15-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/1452-17-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/1452-19-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/1452-18-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/1452-20-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/1452-21-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/1452-22-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/1452-23-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/1452-24-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/1452-25-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/1452-26-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/1452-27-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/1452-28-0x0000000002D90000-0x0000000002D96000-memory.dmp

Filesize
24KB

Download
memory/1452-29-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/1452-30-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/1452-34-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1452-36-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/1452-37-0x0000000002310000-0x0000000002360000-memory.dmp

Filesize
320KB

Download
memory/1452-38-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/1452-35-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/4708-39-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/4708-40-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4708-41-0x0000000003970000-0x0000000003CF4000-memory.dmp

Filesize
3.5MB

Download
memory/4708-43-0x0000000003970000-0x0000000003CF4000-memory.dmp

Filesize
3.5MB

Download
memory/4708-44-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-45-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-46-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-47-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-48-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-50-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-51-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-49-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-52-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-54-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-53-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-55-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-56-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-57-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-58-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-59-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-60-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-62-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-61-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-64-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-65-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-63-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-66-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-67-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-68-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-69-0x0000000003970000-0x0000000003971000-memory.dmp

Filesize
4KB

Download
memory/4708-160-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download