Analysis
Max time kernel: 140s
Max time network: 149s
Platform: windows10-2004_x64
Resource: win10v2004-20231215-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 10/03/2024, 14:57

Static task: static1
Behavioral task: behavioral1
  Sample: bee5f2fad8536de09059278ee803b902.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: bee5f2fad8536de09059278ee803b902.exe
  Resource: win10v2004-20231215-en
General
Target: bee5f2fad8536de09059278ee803b902.exe
Size: 9.4MB
MD5: bee5f2fad8536de09059278ee803b902
SHA1: 869dcf08ef1f5d9fe23ef56986eec4c3d5041b65
SHA256: 7c25dac4fd97ac041aee989706ee614a2bf91f45f4ea4239898ed5d60d4cc52b
SHA512: fd322f6b5016f316f74d0b5d6cfa8e2f3328852cf0818fd58864b57e757240bec6047a38a09b3f1d3e483227d11612eb14e2ab7b63b3bdf5e1f1c64f6b101964
SSDEEP: 49152:EQFRHrmQG+wrmQG+brmQG+CQrmQG+wrxQG+CQrmQG+wrHIQG+wrJmQG+brmQG+CI:EcKOvpxZpxgYvpx62vpxdEvpx
Malware Config

Signatures
- Executes dropped EXE (1 IoC)
    pid 4532  process usk.exe
- Suspicious use of FindShellTrayWindow (1 IoC)
    pid 4532  process usk.exe
- Suspicious use of SendNotifyMessage (1 IoC)
    pid 4532  process usk.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
    pid 4532  process usk.exe
    pid 4532  process usk.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
    description: PID 5044 wrote to memory of 4532  pid 5044  process bee5f2fad8536de09059278ee803b902.exe  procid_target 85
    description: PID 5044 wrote to memory of 4532  pid 5044  process bee5f2fad8536de09059278ee803b902.exe  procid_target 85
    description: PID 5044 wrote to memory of 4532  pid 5044  process bee5f2fad8536de09059278ee803b902.exe  procid_target 85
Processes
- C:\Users\Admin\AppData\Local\Temp\bee5f2fad8536de09059278ee803b902.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\bee5f2fad8536de09059278ee803b902.exe"
    PID: 5044
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Users\Admin\AppData\Local\Temp\usk.exe (child of PID 5044)
        Command line: C:\Users\Admin\AppData\Local\Temp\usk.exe -run C:\Users\Admin\AppData\Local\Temp\bee5f2fad8536de09059278ee803b902.exe
        PID: 4532
        Signatures: Executes dropped EXE; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.3MB
    MD5: 18d0181c83717d157ccf0e7b25364eb1
    SHA1: bd68e4141beb5866a11a9efcb7e5409ea7e6a8a5
    SHA256: c1e2d9324fbbfcb40e1c2f9be6427bb5eb49ab0f77934bf720a28241d90f1fa4
    SHA512: 112e6e8ee6dca591f940838d5782dbc8a410757d704f56a1b538c42b07ec97e434f027184e91377f983af76ced03157026d671bce79296a960f3b0d096dae47b
- Filesize: 1.9MB
    MD5: d7771d390e0b9dd8f4b6b3ef9da6868b
    SHA1: 8d78ddc0423ca10ab92e3ac183ad0b53057ff567
    SHA256: 50bdf5b4dea342d6060a67ad6e476ee9b91f0b321392ee00149aab320fa8934c
    SHA512: cde073348f370495b0077d93a34796107c6c756e44585a723c8bc785be951fa19bdb66b7b73d3e53e1dab588f9319f241cc83d9d4877c6121073150ec88d62ae