Overview

overview

7

Static

static

3

c35a0968e0...52.exe

windows7-x64

7

c35a0968e0...52.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    12/03/2024, 12:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c35a0968e0f3d953b048df6d0b0ec252.exe

  • Size

    71KB

  • MD5

    c35a0968e0f3d953b048df6d0b0ec252

  • SHA1

    10cc78216d21484140cc4adc069c3fb3a24e5aef

  • SHA256

    d54c6c947bf25d38362a3a670928972b3d4cad6367daa52122b1ee632cbd77f2

  • SHA512

    b1f6e4fd1e3fc03bbf24a41cebf6af221cc8ea5798b34d70b8592f36cd0976fbbee606c8185d94163f3624f0890be87854a5624fdb6b9402de418a0818081787

  • SSDEEP

    1536:7U4rR6SQvTg9wnLC/NrTTF4YTTTTTLTTYQuPTTTTTTTTTTTTTTTTTTTTTTTTTTTQ:/rsHJn2lZ7h

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c35a0968e0f3d953b048df6d0b0ec252.exe
    "C:\Users\Admin\AppData\Local\Temp\c35a0968e0f3d953b048df6d0b0ec252.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Windows\SysWOW64\galle.exe
      C:\Windows\system32\galle.exe
      2⤵
      • Executes dropped EXE
      PID:2488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\galle.exe
    Filesize

    20KB

    MD5

    8abe3fcfe0791df040abbe85c03a6c97

    SHA1

    01d4ac44a4ba9edd9998f8be0ec1354c3df511c4

    SHA256

    986b81412273a2cb454db21088ebc13e7db11af08f1cb9b6eb00ec379a604e91

    SHA512

    c6e48e50a7045bb5a56d67722d2087a244d47bed5dec4dfb19140cf9cd43d1990344aae24354417452f37ba35611233ad5e28f41d174b7e0a7268ae891ff7c57

    Download Submit

  • memory/2072-0-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2072-25-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2488-10-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2488-12-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2488-14-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2488-15-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2488-18-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2488-19-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2488-26-0x0000000000400000-0x0000000000402C00-memory.dmp

    Filesize

    11KB

    Download