Analysis

max time kernel: 34s
max time network: 18s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 10/05/2024, 19:16
Behavioral task: behavioral1
Sample: main.exe
Resource: win10-20240404-en
General

Target: main.exe
Size: 5.7MB
MD5: 16b3792af583844b6f36884390bf6e4e
SHA1: fb1006d8863b6519a8a99264ca55a41ae46b10aa
SHA256: 6e24b5e42e5e004e77f4096d6d72d6b2d1a9d10e3692e24b740cb4b0751ecd36
SHA512: faccef047d12a2c83d6cd9de8a8cac3d3f270bf29207d9d0bf51aa2099eda163d86ab7864c0304ef0ab1eb77adde7cddb49c2e53cb4243f4bed3429a0581d8b3
SSDEEP: 98304:ax8wIfoZMD/x/0feyGutbQ940BDlgwdnpka9R/k9t+2MGt+NCfAAcOL65:axtPuDfyGuwBdnpkYRM6kAoL
Malware Config

Signatures

- Loads dropped DLL (2 IoCs)
    pid   Process
    4240  main.exe
    4240  main.exe

- Suspicious use of SetWindowsHookEx (1 IoCs)
    pid   Process
    2532  OneConnect.exe

- Suspicious use of WriteProcessMemory (2 IoCs)
    description                        pid   Process   procid_target
    PID 3636 wrote to memory of 4240   3636  main.exe  74
    PID 3636 wrote to memory of 4240   3636  main.exe  74
Processes

- C:\Users\Admin\AppData\Local\Temp\main.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\main.exe"
    Signatures: Suspicious use of WriteProcessMemory
    PID: 3636
    - C:\Users\Admin\AppData\Local\Temp\main.exe (child process)
        Command line: "C:\Users\Admin\AppData\Local\Temp\main.exe"
        Signatures: Loads dropped DLL
        PID: 4240

- C:\Program Files\WindowsApps\Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe\OneConnect.exe
    Command line: "C:\Program Files\WindowsApps\Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe\OneConnect.exe" -ServerName:App.AppXmpqgjpqgts651yxn6z102kvq6a194074.mca
    Signatures: Suspicious use of SetWindowsHookEx
    PID: 2532
Network
MITRE ATT&CK Matrix
Downloads

- Filesize: 95KB
    MD5: f34eb034aa4a9735218686590cba2e8b
    SHA1: 2bc20acdcb201676b77a66fa7ec6b53fa2644713
    SHA256: 9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1
    SHA512: d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

- Filesize: 1.0MB
    MD5: 12b6386216e37da51b581ae7de243ec1
    SHA1: bb26f738491d4638adf35438a626a9c5b514f411
    SHA256: 429b7e7bb8419b151addb1e417f38d37b4194f40f06459a3f21996a053e9c634
    SHA512: fb295e1fefe4267d0af3bd915bc72f8784e32376a88143aadc2b1dce917144dd70297abb0a9b513bb4d72f6ef93f21ae1f0d472cce1bffadd2d77f14c7bea014

- Filesize: 4.3MB
    MD5: 63a1fa9259a35eaeac04174cecb90048
    SHA1: 0dc0c91bcd6f69b80dcdd7e4020365dd7853885a
    SHA256: 14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed
    SHA512: 896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b