Overview

overview

7

Static

static

3

c423141fb4...88.exe

windows7-x64

7

c423141fb4...88.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    12/03/2024, 19:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c423141fb42695ca0490bc9da2199288.exe

  • Size

    73KB

  • MD5

    c423141fb42695ca0490bc9da2199288

  • SHA1

    c5e68a38e9c6d548b76c2888ea29102202a7fbd2

  • SHA256

    33dcedef5afeaffca1a2113774842ea37f53f4b3c5d292cc574fbf8272b86369

  • SHA512

    530fdb90d238811752d3406bd9693e0f703fed70ba59d887a385dae493c0b3875498317a5e989e7aa133fe02cb2a2068ea0a3b952840a10b9c9606716a3a3f3b

  • SSDEEP

    1536:Z45NKceou5seh8tgN3y6/N5pcVtefGonKOshCi3a:ZiK1ou5XhlC617cDzoGhL3

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c423141fb42695ca0490bc9da2199288.exe
    "C:\Users\Admin\AppData\Local\Temp\c423141fb42695ca0490bc9da2199288.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:944
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c 2.bat
      2⤵
        PID:1936
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c 2.bat
        2⤵
          PID:2640

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\2.bat
              Filesize

              42B

              MD5

              f1914a6257e077626c59e07a8ce85f0d

              SHA1

              a030ae8b9cc0d743f903e2efee62a87b4cc49f07

              SHA256

              b1c3418e1316af7f986f2fa1ef30e4c0d1a6c37ba349b88bcecca2d33ad96137

              SHA512

              7dd041c71b41453d0687ee8734d97e42b1ad8b64bfa0c025d837bd2384df4fd4fbbf3fbe1c6e0b5800e4fa2749d171544abd92a17f2bfba66d9ba744e508ec6f

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\2.bat
              Filesize

              53B

              MD5

              2b1d12825d2a343f92c82062239a7c91

              SHA1

              fe7bfa43236af047980d708f8d010102e51f6dab

              SHA256

              b72bc9d4c525dc469239d4ed8f1b4c63307295cc4c65b5ef677e5517d40216ce

              SHA512

              2c979dfa18850e313690133a8007ed854f685a1196a1449056ea81cc348b357562f963709ad6de6c4df76f2fb7ff1b36e6e5ef0c226b2299dd84e03f32149c7e

              Download Submit

            • \Windows\debug\B831406A9770.dll
              Filesize

              154KB

              MD5

              833dd68c763f5f851f78f34a7f3733ab

              SHA1

              c6b3f7404e3845985046416cedd2498af08dd234

              SHA256

              fd5181faaec66cbc7f11fb808220d626ee369c0aef7ff6a0ed9ee8aac6c02387

              SHA512

              8ef2071db75455e6898cf6b170b5797c9aa0358f4232c4f7dec7449802eb60832c79154a26ca21574916925ceb9ed043af54bf1c1f0fa20b7da352aacae357cb

              Download Submit

            • memory/944-0-0x0000000000400000-0x0000000000450000-memory.dmp

              Filesize

              320KB

              Download

            • memory/944-19-0x0000000000220000-0x000000000024B000-memory.dmp

              Filesize

              172KB

              Download

            • memory/944-22-0x0000000000220000-0x000000000024B000-memory.dmp

              Filesize

              172KB

              Download

            • memory/944-23-0x0000000000400000-0x0000000000450000-memory.dmp

              Filesize

              320KB

              Download