0976567589d18216b4751e0ba0b43f380d21ba3b8d2fc42da3341dfaa7c3b075 | Triage

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 01:16

Sharing

Report Analysis Logs

General

Target

1ab99ca24d333ec4bef0f9cc39b13085.exe
Size

428KB
MD5

1ab99ca24d333ec4bef0f9cc39b13085
SHA1

a513619b991718393fe105553134b9ad13d5e36f
SHA256

0976567589d18216b4751e0ba0b43f380d21ba3b8d2fc42da3341dfaa7c3b075
SHA512

8adbc2093203a41386d7e72d27ffee3709a8195fadf1802e506e733e813537590514476b326fdcd1409ff3f715bce8db9acb8fecd2e8f2a963425d1864d71885
SSDEEP

12288:NplrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:vxRQ+Fucuvm0as

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4692	Polish.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Korean\Polish.exe	1ab99ca24d333ec4bef0f9cc39b13085.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3856	1ab99ca24d333ec4bef0f9cc39b13085.exe
3856	1ab99ca24d333ec4bef0f9cc39b13085.exe
3856	1ab99ca24d333ec4bef0f9cc39b13085.exe
3856	1ab99ca24d333ec4bef0f9cc39b13085.exe
4692	Polish.exe
4692	Polish.exe
4692	Polish.exe
4692	Polish.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3856 wrote to memory of 4692	3856	1ab99ca24d333ec4bef0f9cc39b13085.exe	89
PID 3856 wrote to memory of 4692	3856	1ab99ca24d333ec4bef0f9cc39b13085.exe	89
PID 3856 wrote to memory of 4692	3856	1ab99ca24d333ec4bef0f9cc39b13085.exe	89

C:\Users\Admin\AppData\Local\Temp\1ab99ca24d333ec4bef0f9cc39b13085.exe
"C:\Users\Admin\AppData\Local\Temp\1ab99ca24d333ec4bef0f9cc39b13085.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3856
- C:\Program Files\Korean\Polish.exe
  "C:\Program Files\Korean\Polish.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Korean\Polish.exe

Filesize
428KB

MD5
92f0d5210be8b0202797d41adab73915

SHA1
60ae8c44437dae6a0d980875d9a1ba10e70aafec

SHA256
5c0fcb6c3494b2625a6cb406e776f7646c572fa213b24c1ff739b8c47241cd7f

SHA512
bb15e3b6bd5e0e3e433091f45bd73dd88fdb75748ae0a1d34762b54a4f584d9a62bdcdfbb6b099fb109888b34c8b1f8810f8bffeee97b41f5589f5154b0f4564

Download Submit