581dae7d1fbe30dc7fb6d343cb749f1445de1031e9fa1215a49b9e64cc8aa5a6

Analysis

max time kernel
9s
max time network
18s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/03/2024, 10:59

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

ddd8c093f1159d62ec339b5f708028a2.exe
Size

13.2MB
MD5

ddd8c093f1159d62ec339b5f708028a2
SHA1

deb1313768486adb85a3fd8fde62405c26b3be5e
SHA256

581dae7d1fbe30dc7fb6d343cb749f1445de1031e9fa1215a49b9e64cc8aa5a6
SHA512

0cc7e020787c2cb9d6e39e9b14c3d39fd8724366906c3afd59f0b2e16acccb7ed51dfec2ab15fbe234e62a567f2e67a8878befe911fc70e3298682fb27d6d2b2
SSDEEP

49152:EQFRHrmQG+yrwrTyRpL3rwrIrwrTvL3rwrtwrIrSRpL3rwrIrwrTvL3rwrtwrIrr:EcKTy/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2604	ssr.exe

Loads dropped DLL 2 IoCs

pid	Process
1612	ddd8c093f1159d62ec339b5f708028a2.exe
1612	ddd8c093f1159d62ec339b5f708028a2.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2604	ssr.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2604	ssr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2604	ssr.exe
2604	ssr.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 2604	1612	ddd8c093f1159d62ec339b5f708028a2.exe	28
PID 1612 wrote to memory of 2604	1612	ddd8c093f1159d62ec339b5f708028a2.exe	28
PID 1612 wrote to memory of 2604	1612	ddd8c093f1159d62ec339b5f708028a2.exe	28
PID 1612 wrote to memory of 2604	1612	ddd8c093f1159d62ec339b5f708028a2.exe	28

C:\Users\Admin\AppData\Local\Temp\ddd8c093f1159d62ec339b5f708028a2.exe
"C:\Users\Admin\AppData\Local\Temp\ddd8c093f1159d62ec339b5f708028a2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Users\Admin\AppData\Local\Temp\ssr.exe
  C:\Users\Admin\AppData\Local\Temp\ssr.exe -run C:\Users\Admin\AppData\Local\Temp\ddd8c093f1159d62ec339b5f708028a2.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ssr.exe

Filesize
64KB

MD5
010f8e48936dd59be27943a1eb643571

SHA1
a02ec5adc191adafd92c8407448491124b5e5bda

SHA256
db099f46f38d4423f8557686fcf1d84eb5a8eb91321209f73b79cfb559ca5751

SHA512
ad79b61825b68b2116858c4d0500ca38e43f61ad9e81a713248cd0a3bf241cc7a5f700872c6812a02e408c71478ac49675828fda7438ef4571bd4e0b12ef4313

Download Submit
C:\Users\Admin\AppData\Local\Temp\ssr.exe

Filesize
1.6MB

MD5
191b9fe09390814f5c0adf4bc8ff832d

SHA1
3d7117cb9a70d1dc3a098260c8b99c56058cdd1c

SHA256
0445b19d81e33f060f4ee8681d01b1645d260cc3e40ca71d234b24b2cf489c31

SHA512
4d62052a830deac529d9bc7668bb8543a8ccf02991ce56d9cce9a8d2b02b2340f8da05ef8161be5698143ad7a8f8a05375f8ee816eabedd259bdbec12735425d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ssr.exe

Filesize
659KB

MD5
3f3fb9616be5352ce97c82d30ce8e9a1

SHA1
2c2c00ee3c57eb13dd755a3a5e15ab9045fb3fef

SHA256
f37bc73193432702ff0b55b2ee9b841e32ca193465817220eb3ff1bb18475481

SHA512
45145541ccb81f043eb54d92e4518df28c46f2aeb76580b081e041da380f0b7e27fed2821032c9f155e0b7aa53abcaf9ec92e940caef3bea4556f615f19a9882

Download Submit
\Users\Admin\AppData\Local\Temp\ssr.exe

Filesize
630KB

MD5
c5bae681aa385d72d3f89f1605a222cb

SHA1
0422e81b5fda74c58b8da81623e2bc93644120e9

SHA256
43237b06cea6f1bcd79247466990058875d6053f8666709b442d91928f9d73fb

SHA512
29484536ea02b25f5ca4c1b4dc76a29c176f72814da476d1cc26814b9202fe867ef222a486f8d7446e44ac03e4176ec55d939863607c7c3c7148178f2bbaa26d

Download Submit
\Users\Admin\AppData\Local\Temp\ssr.exe

Filesize
93KB

MD5
0308e16657dac5687d624a05f9cd0981

SHA1
dcc1a84cbffecd17829597a567cfbd6387802c65

SHA256
25fcfefe51daa36ca77137e517578388531befe1f1295d1648e945aa44ccef9d

SHA512
8513611a7a10ff8eb6c9df617bbf4348691dfb60a090132997bef31c5d33e5651ab657e677ac81dc74018b8cb398c169f62cfb3232c158bd47064cd5d4d951dc

Download Submit
memory/1612-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1612-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1612-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1612-2-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/1612-5-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/1612-7-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/1612-6-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/1612-8-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/1612-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1612-10-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/1612-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/1612-12-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/1612-13-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/1612-14-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1612-15-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/1612-16-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1612-17-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/1612-18-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/1612-21-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/1612-20-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/1612-19-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/1612-23-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1612-24-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/1612-25-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/1612-26-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/1612-27-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/1612-28-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1612-29-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/1612-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1612-1-0x0000000000300000-0x0000000000350000-memory.dmp

Filesize
320KB

Download
memory/1612-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1612-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1612-3-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/1612-4-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/1612-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1612-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1612-40-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1612-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1612-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1612-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1612-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1612-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1612-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1612-43-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1612-53-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1612-54-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1612-55-0x0000000000300000-0x0000000000350000-memory.dmp

Filesize
320KB

Download
memory/1612-56-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1612-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2604-71-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2604-68-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2604-60-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2604-61-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2604-62-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2604-63-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2604-64-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2604-58-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2604-59-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2604-72-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2604-67-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2604-73-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2604-70-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2604-69-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2604-66-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2604-65-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2604-113-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download