2f4ba1c8e5197a8d4a991d35055ff6bab653f5bf4239262883f482661028b4d8

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c6c8947f5cb8b647a770d8e214273eb9.exe
Size

14.8MB
MD5

c6c8947f5cb8b647a770d8e214273eb9
SHA1

a43aa4b8563650131ac94e624d48b67024255251
SHA256

2f4ba1c8e5197a8d4a991d35055ff6bab653f5bf4239262883f482661028b4d8
SHA512

13720d72fa188da66a3d18c3e90b5b2e02de4024fa49a6926111e8a83240345760c33acf083add6585e2b1ea1866b1ab67c6cb2d61445fbb4e7ed9243a9da2aa
SSDEEP

98304:EcKHfSAHfS+HfSAHfKSAHVHfS+HfSAHfK6:EY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3408	waei.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3408	waei.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3408	waei.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3408	waei.exe
3408	waei.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 3408	1608	c6c8947f5cb8b647a770d8e214273eb9.exe	88
PID 1608 wrote to memory of 3408	1608	c6c8947f5cb8b647a770d8e214273eb9.exe	88
PID 1608 wrote to memory of 3408	1608	c6c8947f5cb8b647a770d8e214273eb9.exe	88

C:\Users\Admin\AppData\Local\Temp\c6c8947f5cb8b647a770d8e214273eb9.exe
"C:\Users\Admin\AppData\Local\Temp\c6c8947f5cb8b647a770d8e214273eb9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Users\Admin\AppData\Local\Temp\waei.exe
  C:\Users\Admin\AppData\Local\Temp\waei.exe -run C:\Users\Admin\AppData\Local\Temp\c6c8947f5cb8b647a770d8e214273eb9.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\waei.exe

Filesize
128KB

MD5
293f30ad02a2955f87acb52f9933d9c9

SHA1
ef77823211151cb3b97e208b63ca9fa867e002f7

SHA256
4b8ebfc9959dc79f44403604cb7b71923e95503d4a2f9c79042b58f2b576fe04

SHA512
e7d4e267958cb61ba1c6e87bff1091714ffa8cba8f3d0706cfb7d46c534945d9c5e158b815fc76ba19ece174f30f35a909b8d4cefcbc08f4ab33f0683e06124a

Download Submit
C:\Users\Admin\AppData\Local\Temp\waei.exe

Filesize
832KB

MD5
2e3659c1cc833fc3cabc3f0b7d131296

SHA1
81d2d028039e32dc1ee5b9df46aa0c62e119ca09

SHA256
32782b4d4ac0b3615d7d85e6c0c729661309a3dd2bd25d01a89f9d0adfe4e558

SHA512
b758f2d506637b26527ff11e0224ff76d34858ce321f91c80061b6f025899e2d6d8d7570d1fbd8f5c9764b460d62c5703f04361157e10886e599e9cd45fbe4a3

Download Submit
memory/1608-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1608-1-0x0000000002330000-0x0000000002380000-memory.dmp

Filesize
320KB

Download
memory/1608-2-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/1608-4-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/1608-3-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/1608-5-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/1608-6-0x00000000022A0000-0x00000000022A1000-memory.dmp

Filesize
4KB

Download
memory/1608-7-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/1608-8-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/1608-11-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/1608-9-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/1608-12-0x0000000002DA0000-0x0000000002DA2000-memory.dmp

Filesize
8KB

Download
memory/1608-13-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/1608-14-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/1608-15-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/1608-16-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/1608-17-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/1608-18-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/1608-19-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/1608-20-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/1608-21-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/1608-22-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/1608-23-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/1608-24-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/1608-25-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/1608-32-0x0000000002D90000-0x0000000002D96000-memory.dmp

Filesize
24KB

Download
memory/1608-28-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/1608-26-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/1608-31-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1608-35-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/1608-34-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/1608-33-0x0000000002330000-0x0000000002380000-memory.dmp

Filesize
320KB

Download
memory/3408-36-0x0000000002C70000-0x0000000002C71000-memory.dmp

Filesize
4KB

Download
memory/3408-37-0x0000000002C70000-0x0000000002C71000-memory.dmp

Filesize
4KB

Download
memory/3408-38-0x0000000002C70000-0x0000000002C71000-memory.dmp

Filesize
4KB

Download
memory/3408-39-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/3408-41-0x0000000002C50000-0x0000000002C56000-memory.dmp

Filesize
24KB

Download
memory/3408-40-0x0000000002060000-0x00000000020B0000-memory.dmp

Filesize
320KB

Download
memory/3408-42-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-44-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-43-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-45-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-46-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-47-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-48-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-49-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-50-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-51-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-53-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-54-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-55-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-52-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-56-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-58-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-60-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-59-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-57-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-61-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-62-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-64-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-63-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-65-0x0000000002D20000-0x0000000002E20000-memory.dmp

Filesize
1024KB

Download
memory/3408-68-0x0000000002D10000-0x0000000002D11000-memory.dmp

Filesize
4KB

Download
memory/3408-66-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/3408-67-0x0000000002D00000-0x0000000002D01000-memory.dmp

Filesize
4KB

Download
memory/3408-85-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download