Overview

overview

7

Static

static

3

78eb9b9447...11.exe

windows7-x64

7

78eb9b9447...11.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08-03-2024 01:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    78eb9b9447ffa0d009982e9ae5f8dd11.exe

  • Size

    267KB

  • MD5

    78eb9b9447ffa0d009982e9ae5f8dd11

  • SHA1

    58f8cfaf235d69b986d0719b866109a0af13f76c

  • SHA256

    ec70aef089d610de5ecd0f808b064f2ccfdd6b906cfd5d71dfe6bf725ce4d7b0

  • SHA512

    12bd84dc7e97bf18edbc39e6382c4465457fd5b7ac17b7073115be39dd1886ae79b071403f7e468e0f54adc47bd7986b377828c6174e49e9eaf272ac888f9dde

  • SSDEEP

    3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\78eb9b9447ffa0d009982e9ae5f8dd11.exe
    "C:\Users\Admin\AppData\Local\Temp\78eb9b9447ffa0d009982e9ae5f8dd11.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Program Files\provided\obtains.exe
      "C:\Program Files\provided\obtains.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\provided\obtains.exe
    Filesize

    180KB

    MD5

    4754a24f54d872be7806d22e35dd0ddb

    SHA1

    cd75327b77197b2ad97887de6e913cc8d3da927b

    SHA256

    511ff28985507fb5f271fe318c37aef5e288a79f80041779ce00840eb09a1314

    SHA512

    6b354d90828bd94675c032123eb5d4293632ad3a94087f443ba8cc6cd57308eb614b91de079f6f62a18274617f15e8ea07a12ca2bf3bb490bc557cda2a7f958e

    Download Submit

  • C:\Program Files\provided\obtains.exe
    Filesize

    159KB

    MD5

    854dbe5e9f77022d6a97c34db6a12f11

    SHA1

    fc9f995583766090e18dd02fda6da2c89a836fee

    SHA256

    099c56624b07f230096d5f8db54788f2ddbf22d94755b1e8970f0b683b9b53bb

    SHA512

    36923c4c2372f110a76a23b27358b8dc63a34d004438e340f153d70e6602562df25314cb2ccf1d8657659f582a116ac291cde3dacfad2bd9d44839422c12af74

    Download Submit

  • \Program Files\provided\obtains.exe
    Filesize

    248KB

    MD5

    6b7c65ea2ba88ebd078fa8489c1ab468

    SHA1

    da2e5ce8fcbe8b9760830fd6a1aa8082c48591e8

    SHA256

    f2d0a293c77fd4d4628ec9765fd95d8d08c402c3e3915b280779a090ab579a22

    SHA512

    563ff71087d07ef1dcfd75b789932ef641c101b8394b590dbdfb25cca560ac1899dfad54f09c095dc6aac598d351de91049f6c21340590c3cd14dadba220dde6

    Download Submit

  • \Program Files\provided\obtains.exe
    Filesize

    267KB

    MD5

    691ed536dcd608f04b72503991dbfc04

    SHA1

    1cd75c579d8aa8b6c0ed3b22caf510c15f4d1303

    SHA256

    404d35e4ea8664bbe60343b3745c3ae84edb40e7472a1755cbd13ba1a8c0305d

    SHA512

    2383d8d26f39871b9145b589f5af71c770fea2bb9e0337100307ac92dcb5cfbb787a1024e316f01acab91b1986311e4747fdb2ce4be3c8a27f52985beadf1082

    Download Submit