Overview

overview

7

Static

static

3

e1ded95268...0f.exe

windows7-x64

7

e1ded95268...0f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/03/2024, 14:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e1ded95268d79d12e98787d18ebfcb0f.exe

  • Size

    300KB

  • MD5

    e1ded95268d79d12e98787d18ebfcb0f

  • SHA1

    bf2362235ae0ee3cec6501691ec5784c00dcf812

  • SHA256

    b88e5c72f1c75e935437c00732abe75ad1335dc2e4a30741ef1451b575b255b6

  • SHA512

    bd8689b04619b479ad1e9b77c551343713eac3822086ad8867d9001a32528fea35f18bd5a4e2c781aa0b315669ac02737608ef5caf8b5437bfa7eab21a2fbcef

  • SSDEEP

    6144:YTsZO044WwGTmtL71QC5WMjPgjwAM/Qmp4SZWmTSdCPLUF:YUOPeMm1zWMjP2wAM/QmvydCP

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e1ded95268d79d12e98787d18ebfcb0f.exe
    "C:\Users\Admin\AppData\Local\Temp\e1ded95268d79d12e98787d18ebfcb0f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1452
    • C:\Users\Admin\AppData\Local\Temp\SkypeClient.exe
      C:\Users\Admin\AppData\Local\Temp\SkypeClient.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2612
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 424
      2⤵
      • Program crash
      PID:4712
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 1452 -ip 1452
    1⤵
      PID:3704
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1028 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:3704

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\SkypeClient.exe
        Filesize

        80KB

        MD5

        7c47fb8ef8fbb53027f820d696f5c734

        SHA1

        c9bff30466eaf77f4c731159b1f43cd5438885c1

        SHA256

        8d8730bd88b5d9b191d0efc2f24df087059ba05d418c75cb1d7077f7510832c4

        SHA512

        b85acfe570f6f8a6b2c16257b0027abb0d6b2518a97819830177439fa1d2fe742b1e37d072bbe5415139d8f860c203ae74dc1076de6ae7c1717dead907fdc1a5

        Download Submit

      • memory/1452-0-0x0000000000400000-0x00000000004AB000-memory.dmp

        Filesize

        684KB

        Download

      • memory/1452-1-0x0000000000600000-0x0000000000601000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1452-8-0x0000000000400000-0x00000000004AB000-memory.dmp

        Filesize

        684KB

        Download