5e5363efc9b1ddaef8fef4125b506f23f1fb6239fa072bac9016a9a3c6d16738

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 04:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5294260152e4a5ab2e3f93ed38a1b4d.exe
Size

5.8MB
MD5

d5294260152e4a5ab2e3f93ed38a1b4d
SHA1

01da55be29342ada9ff49a70cedc858d0fea05e5
SHA256

5e5363efc9b1ddaef8fef4125b506f23f1fb6239fa072bac9016a9a3c6d16738
SHA512

ca9d389f992922d7623669d1a38fe0adf2a73d23cee25dfdfa7dfd015060423721a6646f5fbc70100293fce8ee393d86d1a9dbb1b433ca7e820184c299a764c3
SSDEEP

98304:oOalb129zei8VtZl8XGo0hhRJaFOEVJ6Y/XDoV7eYJKBMPcDgTq6E09yisaYNYLy:oIzeVvl82o0jRJ+P78V7rgB2cDc6msaw

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1056	d5294260152e4a5ab2e3f93ed38a1b4d.exe

Loads dropped DLL 4 IoCs

pid	Process
2092	d5294260152e4a5ab2e3f93ed38a1b4d.exe
2092	d5294260152e4a5ab2e3f93ed38a1b4d.exe
2092	d5294260152e4a5ab2e3f93ed38a1b4d.exe
1056	d5294260152e4a5ab2e3f93ed38a1b4d.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2092	d5294260152e4a5ab2e3f93ed38a1b4d.exe
1056	d5294260152e4a5ab2e3f93ed38a1b4d.exe
2720	d5294260152e4a5ab2e3f93ed38a1b4d.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 1056	2092	d5294260152e4a5ab2e3f93ed38a1b4d.exe	28
PID 2092 wrote to memory of 1056	2092	d5294260152e4a5ab2e3f93ed38a1b4d.exe	28
PID 2092 wrote to memory of 1056	2092	d5294260152e4a5ab2e3f93ed38a1b4d.exe	28
PID 2092 wrote to memory of 1056	2092	d5294260152e4a5ab2e3f93ed38a1b4d.exe	28
PID 1056 wrote to memory of 2720	1056	d5294260152e4a5ab2e3f93ed38a1b4d.exe	29
PID 1056 wrote to memory of 2720	1056	d5294260152e4a5ab2e3f93ed38a1b4d.exe	29
PID 1056 wrote to memory of 2720	1056	d5294260152e4a5ab2e3f93ed38a1b4d.exe	29
PID 1056 wrote to memory of 2720	1056	d5294260152e4a5ab2e3f93ed38a1b4d.exe	29

C:\Users\Admin\AppData\Local\Temp\d5294260152e4a5ab2e3f93ed38a1b4d.exe
"C:\Users\Admin\AppData\Local\Temp\d5294260152e4a5ab2e3f93ed38a1b4d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Users\Admin\AppData\Local\Temp\DBtoEXE240319040912_tmp\d5294260152e4a5ab2e3f93ed38a1b4d.exe
  "C:\Users\Admin\AppData\Local\Temp\DBtoEXE240319040912_tmp\d5294260152e4a5ab2e3f93ed38a1b4d.exe" cmd/CallFromZipBase /C:\Users\Admin\AppData\Local\Temp\d5294260152e4a5ab2e3f93ed38a1b4d.exe /90112 /271367 /407660 /6133387 /C:\Users\Admin\AppData\Local\Temp\DBtoEXE240319040912_tmp\ /0 /9639 /0 /
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1056
- - C:\Users\Admin\AppData\Local\Temp\d5294260152e4a5ab2e3f93ed38a1b4d.exe
    "C:\Users\Admin\AppData\Local\Temp\d5294260152e4a5ab2e3f93ed38a1b4d.exe" cmd/del /C:\Users\Admin\AppData\Local\Temp\DBtoEXE240319040912_tmp\ /0 /0 /
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\DBtoEXE240319040912_tmp\DBtoEXEtmp\PlazaSoft.accdr

Filesize
5.0MB

MD5
dce4e97e2c8c4fe227069c586428787e

SHA1
9a12eb57e6689eb0c6a9ed2f2a204b5a7af7caf4

SHA256
52f35951317e89bbb62b58a7d8358c2c9cc522ea700a33676f26d3bcfe979fd6

SHA512
6993ac02c737d7e6c8bc3f3a98e1a2873f6c9d080b87990d84595809c7792c2dc047b45d4152ab9bd6cff81b3fe2fb83b6af6b667223c75be5b13f549d831bcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\DBtoEXE240319040912_tmp\FileAddZip.tmp

Filesize
1005KB

MD5
930075edbc1e4c46a511dcde72fcc570

SHA1
ba4c48ff4e5e73ba30faa481d0752d9e13c6f945

SHA256
0b6e465687646878691192334bed1f9825fb8afab34c66c7543c1b800a3a173a

SHA512
326ba2ee88c3587d22e47d56538fb4b89ed1d526b1d57d460f6c6060b7820141477605845d099b48d43ffc9db785b24200fe90b3eaefe164309a51d137934383

Download Submit
\Users\Admin\AppData\Local\Temp\DBtoEXE240319040912_tmp\d5294260152e4a5ab2e3f93ed38a1b4d.exe

Filesize
724KB

MD5
cf5646ef5720a82bb1d7b622ca757bc9

SHA1
aa5cc446385cc3e81ead468858f68e5ff6491558

SHA256
e488e070781994a88d5d8517556fb28c5cc2651c7501d4b510ebd56a60104117

SHA512
8a5ba81f21a82d43d9c2bc3b49313008f26871dfaf0f1fd394755c5dfc8315db8afb6bfef38176ec604091d3116740f023ff62a83020d79dc280ee941dbbfd2a

Download Submit
\Users\Admin\AppData\Local\Temp\DBtoEXE240319040912_tmp\zlib123.dll

Filesize
72KB

MD5
4efaa53c545f4ffb1ee0ed1709c15ea7

SHA1
076b2d31e24fe8cfb56f9c292fd6ca1402be79b2

SHA256
21582b3a68e8753322a1b1c7e550ae7fd305de4935de68fbde9f87570f484d00

SHA512
7fa8c0954729ea14fdceb788393c3de6e139fc4c480b84183863f62afacec2d6bbc0993b601a4a74c87bc89338b627dc37a18be309d090bae880ea10ab9d7314

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads