Analysis

  • max time kernel: 34s
  • max time network: 18s
  • platform: windows10-1703_x64
  • resource: win10-20240404-en
  • resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted: 10/05/2024, 19:16

General

  • Target: main.exe
  • Size: 5.7MB
  • MD5: 16b3792af583844b6f36884390bf6e4e
  • SHA1: fb1006d8863b6519a8a99264ca55a41ae46b10aa
  • SHA256: 6e24b5e42e5e004e77f4096d6d72d6b2d1a9d10e3692e24b740cb4b0751ecd36
  • SHA512: faccef047d12a2c83d6cd9de8a8cac3d3f270bf29207d9d0bf51aa2099eda163d86ab7864c0304ef0ab1eb77adde7cddb49c2e53cb4243f4bed3429a0581d8b3
  • SSDEEP: 98304:ax8wIfoZMD/x/0feyGutbQ940BDlgwdnpka9R/k9t+2MGt+NCfAAcOL65:axtPuDfyGuwBdnpkYRM6kAoL

Score: 7/10

Malware Config

Signatures

  • Loads dropped DLL (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\main.exe (depth 1, PID 3636)
    Command line: "C:\Users\Admin\AppData\Local\Temp\main.exe"
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\main.exe (depth 2, PID 4240, child of PID 3636)
      Command line: "C:\Users\Admin\AppData\Local\Temp\main.exe"
      • Loads dropped DLL
  • C:\Program Files\WindowsApps\Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe\OneConnect.exe (depth 1, PID 2532)
    Command line: "C:\Program Files\WindowsApps\Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe\OneConnect.exe" -ServerName:App.AppXmpqgjpqgts651yxn6z102kvq6a194074.mca
    • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI36362\VCRUNTIME140.dll
    Filesize: 95KB
    MD5: f34eb034aa4a9735218686590cba2e8b
    SHA1: 2bc20acdcb201676b77a66fa7ec6b53fa2644713
    SHA256: 9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1
    SHA512: d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

  • C:\Users\Admin\AppData\Local\Temp\_MEI36362\base_library.zip
    Filesize: 1.0MB
    MD5: 12b6386216e37da51b581ae7de243ec1
    SHA1: bb26f738491d4638adf35438a626a9c5b514f411
    SHA256: 429b7e7bb8419b151addb1e417f38d37b4194f40f06459a3f21996a053e9c634
    SHA512: fb295e1fefe4267d0af3bd915bc72f8784e32376a88143aadc2b1dce917144dd70297abb0a9b513bb4d72f6ef93f21ae1f0d472cce1bffadd2d77f14c7bea014

  • C:\Users\Admin\AppData\Local\Temp\_MEI36362\python310.dll
    Filesize: 4.3MB
    MD5: 63a1fa9259a35eaeac04174cecb90048
    SHA1: 0dc0c91bcd6f69b80dcdd7e4020365dd7853885a
    SHA256: 14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed
    SHA512: 896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b