Overview

overview

7

Static

static

3

d5a3a59439...42.exe

windows7-x64

7

d5a3a59439...42.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19/03/2024, 08:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d5a3a5943904fa645509111950115942.exe

  • Size

    82KB

  • MD5

    d5a3a5943904fa645509111950115942

  • SHA1

    5f1fabb03a3d5c3b7c4c3da9d071871360280d11

  • SHA256

    d3a51e060f13f2f11a4e03b79284acb26434f276e29686b0f1b8165b464f44f5

  • SHA512

    51f53fc53dbc0f85d1a3cbb3efa81446f69ee2cbeb761f5950657e92e4b8aa31cb6b3447e98f519b44bdc1870d1d5b872947dfe9f9cb491bce70db00670e0794

  • SSDEEP

    1536:nWU7JfGXyjPrwpw2ZCZg6oIg/g4Rx/jz6OZ272Wyt/2QLpS74nouy8i8:31xUpgZ2J/g4n/FwryMsS7woutt

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5a3a5943904fa645509111950115942.exe
    "C:\Users\Admin\AppData\Local\Temp\d5a3a5943904fa645509111950115942.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c 2.bat
      2⤵
        PID:1520
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c 2.bat
        2⤵
          PID:2732

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\2.bat
              Filesize

              42B

              MD5

              6cac92ab248f68030e6727cf91340f0e

              SHA1

              132b9595fc7aa8a1be4045066a1dc76b7c7fdd78

              SHA256

              4361714a43ebd815b0e4eab696a1ecd2886dacad75fb7de149e86c3cb4b026a9

              SHA512

              e93c8007139469a3dd22d2bca6c0938994124bfdb29e68639e09450ff212243d098e54d0eb9d102915060d957719529af76ee8836491b55c0b05364b1b9e10bc

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\2.bat
              Filesize

              53B

              MD5

              c5f91ff8443ce76d2cdd5388e473a87a

              SHA1

              a1fdbd7c4a7194b3a1cc8d010e35e9626e9cdab4

              SHA256

              1f1ec6bb4ce7b221154e972a6a1f58d8b46abdd29aadec264dea26693c92f974

              SHA512

              2a1824f1c0a4a420badcf718835924f960a4d4fc1a475744f9ae158b3208f6446f3abd01ece2dbfa3e28ce6ba87fd9416f1d38ad268568fc7f424360da9326a6

              Download Submit

            • \Windows\debug\B831406A9770.dll
              Filesize

              154KB

              MD5

              b55f08bc8d20e1d5235db0dc59707d29

              SHA1

              751d6cfe8213e29cc665d4984cd9abd69e401d87

              SHA256

              71425696197edf8ce522d5b68d7977f42480908e3027c1b4a3872b351b354761

              SHA512

              994ef5562d2195c9b5278a1599f0f246b22385d3e9800145fd5c15b7949189d09a5a62eb7436ee876aca84a8545db5acaba4f95e9a2d56709660739d5f4d4690

              Download Submit

            • memory/2856-7-0x0000000000400000-0x000000000043A20C-memory.dmp

              Filesize

              232KB

              Download

            • memory/2856-20-0x0000000000220000-0x000000000024B000-memory.dmp

              Filesize

              172KB

              Download

            • memory/2856-23-0x0000000000400000-0x000000000043A20C-memory.dmp

              Filesize

              232KB

              Download

            • memory/2856-24-0x0000000000220000-0x000000000024B000-memory.dmp

              Filesize

              172KB

              Download