4d6f53db9e727bfcf9e0754864c9677cb7274f0801a585c7eafd79732c9da0ac

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
28-03-2024 03:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e2ca31ccca6c5d8d3a1a6d61a94ec4d2.exe
Size

419KB
MD5

e2ca31ccca6c5d8d3a1a6d61a94ec4d2
SHA1

3d9e70226f3f77c1fbb6483a6f04e359c518bca7
SHA256

4d6f53db9e727bfcf9e0754864c9677cb7274f0801a585c7eafd79732c9da0ac
SHA512

984fdb0af4a3ebfad3a5aff864fd54ffb689345d61da3f5d2fedf6e59507048f0c5e30363de7bd8d0dc850f6af9df935cf2cf9e852e6ccf686ea53e1649d3b1d
SSDEEP

12288:cplrVbDdQaqdS/ofraFErH8uB2Wm0SX/Nr5FU:oxRQ+Fucuvm0a/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2212	behavioral.exe

Loads dropped DLL 2 IoCs

pid	Process
2484	e2ca31ccca6c5d8d3a1a6d61a94ec4d2.exe
2484	e2ca31ccca6c5d8d3a1a6d61a94ec4d2.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\previous\behavioral.exe	e2ca31ccca6c5d8d3a1a6d61a94ec4d2.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2484	e2ca31ccca6c5d8d3a1a6d61a94ec4d2.exe
2484	e2ca31ccca6c5d8d3a1a6d61a94ec4d2.exe
2484	e2ca31ccca6c5d8d3a1a6d61a94ec4d2.exe
2484	e2ca31ccca6c5d8d3a1a6d61a94ec4d2.exe
2212	behavioral.exe
2212	behavioral.exe
2212	behavioral.exe
2212	behavioral.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 2212	2484	e2ca31ccca6c5d8d3a1a6d61a94ec4d2.exe	28
PID 2484 wrote to memory of 2212	2484	e2ca31ccca6c5d8d3a1a6d61a94ec4d2.exe	28
PID 2484 wrote to memory of 2212	2484	e2ca31ccca6c5d8d3a1a6d61a94ec4d2.exe	28
PID 2484 wrote to memory of 2212	2484	e2ca31ccca6c5d8d3a1a6d61a94ec4d2.exe	28

C:\Users\Admin\AppData\Local\Temp\e2ca31ccca6c5d8d3a1a6d61a94ec4d2.exe
"C:\Users\Admin\AppData\Local\Temp\e2ca31ccca6c5d8d3a1a6d61a94ec4d2.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Program Files\previous\behavioral.exe
  "C:\Program Files\previous\behavioral.exe" "33201"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\previous\behavioral.exe

Filesize
192KB

MD5
5724caa55ed7f47a8240db4f1ea6bf51

SHA1
a05cd5d077e67c8c961334764306ad494caac216

SHA256
2f79e571461d6e619b2238390d38ecb60d615d9765eca3226ecb4e862010295b

SHA512
8107a49bbd0d7cc283adcc8cd4505a6bf9a290243e0109692ee121fe2d58d75dec78cac5011f34fbe4c382d508a0aae2cdfc1f67f00f40f66d872bce5fcfafb7

Download Submit
C:\Program Files\previous\behavioral.exe

Filesize
128KB

MD5
c4daab9cb4dba02273a51c628cfab6c0

SHA1
fd65a54e65f4d5836cf38a520909f26382685883

SHA256
73c8441d1cbb03a38edaf10223257467dd20b7b6835e3b0a45f8f041dcb80733

SHA512
832c5c2a6a3f41f0c4124f95ad61905f93ccf5e2b20131784df383178bd5a91b9384f0642c2a67753f300e59eb154f299131a5e4aac991699e191e92fd7145a3

Download Submit
\Program Files\previous\behavioral.exe

Filesize
419KB

MD5
4a4b6c2a744ddf7f4e95ffd02a3a694c

SHA1
5b996e4d1cc055994b023e54943826a2913d388d

SHA256
d59c33511359957e2b351e97775a53704b4de1966243a58bd2b2b84ccff16ba7

SHA512
8e98126e6a2e1eabfe6b15bd5b0b11bb8f3b644a5e4d14e1a42e9882050359a3bef078b696f7e59c85ee7a9bf6de4e27483f3beeef87650237f05237395685ab

Download Submit
memory/2212-10-0x0000000000400000-0x0000000000573000-memory.dmp

Filesize
1.4MB

Download
memory/2212-12-0x0000000000400000-0x0000000000573000-memory.dmp

Filesize
1.4MB

Download
memory/2484-0-0x0000000000400000-0x0000000000573000-memory.dmp

Filesize
1.4MB

Download
memory/2484-9-0x0000000002AB0000-0x0000000002C23000-memory.dmp

Filesize
1.4MB

Download
memory/2484-11-0x0000000000400000-0x0000000000573000-memory.dmp

Filesize
1.4MB

Download