b7738261716ed24ae1817db7d1642200203a2003aea0cf9b3ea03ffb62c42b55

Analysis

max time kernel
141s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 16:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cbe3dd52157edc178b89cbae55a1047b.exe
Size

19.3MB
MD5

cbe3dd52157edc178b89cbae55a1047b
SHA1

5b635fcb0c8849fac670f051b12f973849c8375f
SHA256

b7738261716ed24ae1817db7d1642200203a2003aea0cf9b3ea03ffb62c42b55
SHA512

e9a3cf4a7c0b666e92f20eb3ad1dd4333ad98b9fa46c5d8d90086f784ee375b1eabca1ed205258797caa9bf3e52811c524c816b68821cf7ea2cfe0708c8a01d2
SSDEEP

49152:EQFRHrmQG+yrY+Fr/rcrSlFr/rcrMrmJ/rcrSlFrJrcprcrMrmJ/rcr+rMrErMys:EcK/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
876	bvaxjp.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
876	bvaxjp.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
876	bvaxjp.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
876	bvaxjp.exe
876	bvaxjp.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3300 wrote to memory of 876	3300	cbe3dd52157edc178b89cbae55a1047b.exe	85
PID 3300 wrote to memory of 876	3300	cbe3dd52157edc178b89cbae55a1047b.exe	85
PID 3300 wrote to memory of 876	3300	cbe3dd52157edc178b89cbae55a1047b.exe	85

C:\Users\Admin\AppData\Local\Temp\cbe3dd52157edc178b89cbae55a1047b.exe
"C:\Users\Admin\AppData\Local\Temp\cbe3dd52157edc178b89cbae55a1047b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3300
- C:\Users\Admin\AppData\Local\Temp\bvaxjp.exe
  C:\Users\Admin\AppData\Local\Temp\bvaxjp.exe -run C:\Users\Admin\AppData\Local\Temp\cbe3dd52157edc178b89cbae55a1047b.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bvaxjp.exe

Filesize
22.5MB

MD5
2b388d6d7990956e53ab85c8366d4c27

SHA1
cc4ed7a4131320d13ce4452099464006d2efb5b8

SHA256
25f230546d270089e3b0d909a1187b816811818b360ea2fb70739ca1f93b9f87

SHA512
2416bc6158fd934ad3299565cfa425e6911fa7f82c0f89b639ebfa5f24da8243f4b8ad4f8f022ace6203ee7d9f77cfac66499a81892259b6d753856cafe9eb35

Download Submit
memory/876-66-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/876-65-0x0000000006020000-0x0000000006021000-memory.dmp

Filesize
4KB

Download
memory/876-64-0x0000000006020000-0x0000000006021000-memory.dmp

Filesize
4KB

Download
memory/876-63-0x0000000005EA0000-0x0000000005EC0000-memory.dmp

Filesize
128KB

Download
memory/876-62-0x0000000004E40000-0x0000000004E5B000-memory.dmp

Filesize
108KB

Download
memory/876-61-0x0000000004E40000-0x0000000004E5B000-memory.dmp

Filesize
108KB

Download
memory/876-60-0x0000000004E40000-0x0000000004E5B000-memory.dmp

Filesize
108KB

Download
memory/876-58-0x0000000006020000-0x0000000006021000-memory.dmp

Filesize
4KB

Download
memory/876-57-0x0000000005EC0000-0x0000000005EC1000-memory.dmp

Filesize
4KB

Download
memory/876-56-0x00000000057A0000-0x00000000057A1000-memory.dmp

Filesize
4KB

Download
memory/876-55-0x0000000004E90000-0x0000000004E91000-memory.dmp

Filesize
4KB

Download
memory/876-54-0x0000000004E60000-0x0000000004E61000-memory.dmp

Filesize
4KB

Download
memory/876-52-0x0000000004E40000-0x0000000004E5B000-memory.dmp

Filesize
108KB

Download
memory/876-51-0x0000000004E40000-0x0000000004E5B000-memory.dmp

Filesize
108KB

Download
memory/876-50-0x0000000003BC0000-0x0000000003BC1000-memory.dmp

Filesize
4KB

Download
memory/876-49-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/876-47-0x0000000003830000-0x0000000003BB4000-memory.dmp

Filesize
3.5MB

Download
memory/876-46-0x0000000002C70000-0x0000000002C71000-memory.dmp

Filesize
4KB

Download
memory/876-45-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/3300-16-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/3300-19-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/3300-23-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/3300-24-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/3300-25-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/3300-26-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/3300-27-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/3300-28-0x0000000002D90000-0x0000000002D96000-memory.dmp

Filesize
24KB

Download
memory/3300-29-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3300-31-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3300-32-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3300-33-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3300-34-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3300-35-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3300-21-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/3300-39-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3300-41-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/3300-42-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3300-44-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3300-43-0x00000000022D0000-0x0000000002320000-memory.dmp

Filesize
320KB

Download
memory/3300-20-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/3300-22-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/3300-40-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3300-30-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3300-18-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/3300-17-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/3300-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/3300-15-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/3300-13-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/3300-14-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/3300-11-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/3300-12-0x0000000002DA0000-0x0000000002DA2000-memory.dmp

Filesize
8KB

Download
memory/3300-8-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/3300-7-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/3300-59-0x0000000002E60000-0x0000000002F60000-memory.dmp

Filesize
1024KB

Download
memory/3300-9-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3300-6-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/3300-5-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/3300-4-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/3300-3-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/3300-2-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/3300-1-0x00000000022D0000-0x0000000002320000-memory.dmp

Filesize
320KB

Download