Overview

overview

7

Static

static

3

USBClear/U...ar.exe

windows7-x64

7

USBClear/U...ar.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05-05-2024 06:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    USBClear/USB Clear.exe

  • Size

    755KB

  • MD5

    3be23d26a795ad0ba3da6cb7a85b8317

  • SHA1

    bbb0bc6742509ee48d490e4983c1a20fc4aae038

  • SHA256

    c2cd169e7676721e98fac41e10df2194b2bf9a00810066b72ce249ed977ea51f

  • SHA512

    18df2e94a251efb6d231a203c5e1769a0d8676ff79ee0018fe42d5b418177b015af62849d11cda33244a264855299e3ddb5f3053a896f93445c28a7e8f2afc29

  • SSDEEP

    12288:kJA9DyhqLLdItbqAGJF13oZjWT/gVyOR7ciiWn9yAS1uYq0oc7HuIA5j:kJCcq3OtqJF1YZWT/gQco1W1c2AUj

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\USBClear\USB Clear.exe
    "C:\Users\Admin\AppData\Local\Temp\USBClear\USB Clear.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    PID:2916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\E_4\eAPI.fne
    Filesize

    328KB

    MD5

    a9cc5ac8af486090335a7e6b184ca79b

    SHA1

    bd35b9f4a2338a2ee379cc1e1528b05ff9a77d2f

    SHA256

    69eaa088634ab34f55a745617ec9e3ea7c6bfd0bd04e09685a531cd510a814df

    SHA512

    0df90738f8f93874760a19ebe79a381c25755da8486770b846ac44f593b2b8b455255b702771af1183528b727d05286f3eb981fae5bf6fe2844b5e849299cf90

    Download Submit

  • \Users\Admin\AppData\Local\Temp\E_4\krnln.fnr
    Filesize

    1.1MB

    MD5

    71520e2e016f657e0131181c093af6e0

    SHA1

    98b542d747b2dfd57ea69e42ffc8e6a6f05d18cb

    SHA256

    c77f7719ef55800ebc692edb5523f6becd83bdc25b8bc6f7dbff3c6243ef76ae

    SHA512

    d48758acc8767a78b898152efac9ce31e043904dcaddc0e60c3145bc7250e8384913833f33f717d986f2f9262a3e82ecde13b4fbece851b2b8b70af43a177b71

    Download Submit

  • \Users\Admin\AppData\Local\Temp\E_4\xplib.fne
    Filesize

    76KB

    MD5

    5efd18f53b9524d0d6e7cfd2e791401b

    SHA1

    a9707ad3f23efc027a50653742e929abc4b0b628

    SHA256

    64efe7c330a66e6094dc385672b15a78283ced87f2054f5e9d02f3a70e83be2f

    SHA512

    cf3b56e3fa1beb16356592ac8ee965a3d62cea3b1958c35cca532c1b0071d40be5fa4161fe8c9e27fc447d42ac70d44c5b5ad9427887abdda85ca54373a67526

    Download Submit

  • memory/2916-0-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2916-7-0x0000000000220000-0x0000000000233000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2916-10-0x0000000001E20000-0x0000000001E81000-memory.dmp

    Filesize

    388KB

    Download

  • memory/2916-14-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download