Analysis

  • max time kernel
    30s
  • max time network
    33s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 · arch:x86 · image:win10v2004-20240508-en · locale:en-us · os:windows10-2004-x64 · system
  • submitted
    20-05-2024 22:45

General

  • Target

    keybord-delay.exe

  • Size

    96KB

  • MD5

    267d28aaa43bea7b2e77b04e40f5d59f

  • SHA1

    3f6fa31ab8a6d1e0260f4c904e2e7d1785bc3669

  • SHA256

    887f65c6eb3388028daa724cf86f8bff6fc534573c70cd86abad5a586c0117c0

  • SHA512

    17c933559be746f5328fb8db91a590f1f1422a6b4b5de35ab66ba82ad0cc18722f3e4bc0aa72a20eaca0131c0aca4353650f7e7ca4705e5b3ec5dc2c7997dc7c

  • SSDEEP

    1536:T7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfowqyp159yO2:P7DhdC6kzWypvaQ0FxyNTBfo9y35u

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 26 IoCs
  • Views/modifies file attributes 1 TTPs 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\keybord-delay.exe
    "C:\Users\Admin\AppData\Local\Temp\keybord-delay.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\4DB2.tmp\4DB3.tmp\4DB4.bat C:\Users\Admin\AppData\Local\Temp\keybord-delay.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1356
      • C:\Windows\system32\cacls.exe
        "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
        3⤵
        PID:3180
      • C:\Windows\system32\attrib.exe
        attrib +h +s "C:\Users\Admin\AppData\Local\Temp\4DB2.tmp\4DB3.tmp\4DB4.bat"
        3⤵
        • Views/modifies file attributes
        PID:5076
      • C:\Windows\system32\attrib.exe
        attrib +h +s "C:\Users\Admin\AppData\Local\Temp\tmpA61F.tmp"
        3⤵
        • Views/modifies file attributes
        PID:940
      • C:\Windows\system32\attrib.exe
        attrib +h +s "C:\Users\Admin\AppData\Local\Temp\tmpA795.tmp"
        3⤵
        • Views/modifies file attributes
        PID:928
      • C:\Windows\system32\attrib.exe
        attrib +h +s "C:\Users\Admin\AppData\Local\Temp\wct5F08.tmp"
        3⤵
        • Views/modifies file attributes
        PID:1876
      • C:\Windows\system32\attrib.exe
        attrib +h +s "C:\Users\Admin\AppData\Local\Temp\wct7407.tmp"
        3⤵
        • Views/modifies file attributes
        PID:4084
      • C:\Windows\system32\attrib.exe
        attrib +h +s "C:\Users\Admin\AppData\Local\Temp\wct85C0.tmp"
        3⤵
        • Views/modifies file attributes
        PID:3288
      • C:\Windows\system32\attrib.exe
        attrib +h +s "C:\Users\Admin\AppData\Local\Temp\wct961.tmp"
        3⤵
        • Views/modifies file attributes
        PID:2072
      • C:\Windows\system32\attrib.exe
        attrib +h +s "C:\Users\Admin\AppData\Local\Temp\wctA330.tmp"
        3⤵
        • Views/modifies file attributes
        PID:3800
      • C:\Windows\system32\attrib.exe
        attrib +h +s "C:\Users\Admin\AppData\Local\Temp\wctB258.tmp"
        3⤵
        • Views/modifies file attributes
        PID:3724
      • C:\Windows\system32\attrib.exe
        attrib +h +s "C:\Users\Admin\AppData\Local\Temp\4DB2.tmp\4DB3.tmp\4DB5.tmp"
        3⤵
        • Views/modifies file attributes
        PID:2900
      • C:\Windows\system32\chcp.com
        chcp 65001
        3⤵
        PID:1824
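
The process tree above shows the behavioural shape of a batch-to-exe wrapper: the sample drops a .bat under %TEMP%\<hex>.tmp\<hex>.tmp\, runs it through cmd /c with its own path as the script's argument, and the script then hides that .bat and its temp files with attrib +h +s. The detection logic below is an added example and is not part of the sandbox report or of the sample; it runs over process-creation events constructed from the tree (pid/ppid/image/cmdline is an assumed Sysmon-style field layout, not a real log format) and flags a cmd.exe launch of such a nested temp script, reporting whether its children hide the script and whether they run cacls against the SYSTEM hive. Treating that cacls call as an elevation probe is the editor's interpretation of a common batch idiom, not a finding the report itself states.

```python
"""Flag batch-to-exe wrapper chains in process-creation telemetry.

Added example; events are constructed from the sandbox process tree above.
Field names (pid, ppid, image, cmdline) are an assumption modelled on
Sysmon Event ID 1, not a real log format."""
import re
from collections import defaultdict

# Nested temp script path typical of bat-to-exe wrappers, e.g.
# ...\Temp\4DB2.tmp\4DB3.tmp\4DB4.bat (four hex characters per element).
WRAPPER_SCRIPT_RE = re.compile(
    r'(?P<script>[A-Za-z]:\\[^"]*?\\Temp\\[0-9A-Fa-f]{4}\.tmp\\'
    r'[0-9A-Fa-f]{4}\.tmp\\[0-9A-Fa-f]{4}\.bat)',
    re.IGNORECASE,
)

# Constructed events mirroring the report's tree (ppid 900 is a made-up
# launcher, e.g. explorer.exe); the last event is a benign control.
EVENTS = [
    {"pid": 1712, "ppid": 900, "image": r"C:\Users\Admin\AppData\Local\Temp\keybord-delay.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\keybord-delay.exe"'},
    {"pid": 1356, "ppid": 1712, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\4DB2.tmp\4DB3.tmp\4DB4.bat C:\Users\Admin\AppData\Local\Temp\keybord-delay.exe"'},
    {"pid": 3180, "ppid": 1356, "image": r"C:\Windows\system32\cacls.exe",
     "cmdline": r'"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"'},
    {"pid": 5076, "ppid": 1356, "image": r"C:\Windows\system32\attrib.exe",
     "cmdline": r'attrib +h +s "C:\Users\Admin\AppData\Local\Temp\4DB2.tmp\4DB3.tmp\4DB4.bat"'},
    {"pid": 940, "ppid": 1356, "image": r"C:\Windows\system32\attrib.exe",
     "cmdline": r'attrib +h +s "C:\Users\Admin\AppData\Local\Temp\tmpA61F.tmp"'},
    {"pid": 1824, "ppid": 1356, "image": r"C:\Windows\system32\chcp.com",
     "cmdline": "chcp 65001"},
    {"pid": 4100, "ppid": 900, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r"cmd /c dir C:\Users\Admin"},
]


def _is_image(event, name):
    return event["image"].lower().endswith("\\" + name)


def find_wrapper_chains(events):
    """Return one finding per cmd.exe that runs a nested %TEMP% .bat."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)

    findings = []
    for e in events:
        if not _is_image(e, "cmd.exe"):
            continue
        m = WRAPPER_SCRIPT_RE.search(e["cmdline"])
        if not m:
            continue
        script = m.group("script")
        kids = children[e["pid"]]
        parent = by_pid.get(e["ppid"])

        # The script hides itself: attrib +h +s on its own path.
        hides_script = any(
            _is_image(k, "attrib.exe")
            and "+h" in k["cmdline"] and "+s" in k["cmdline"]
            and script.lower() in k["cmdline"].lower()
            for k in kids
        )
        # cacls on the SYSTEM hive fails for non-admins; batch scripts use
        # it as an "am I elevated?" probe (editor's interpretation).
        checks_elevation = any(
            _is_image(k, "cacls.exe") and "config\\system" in k["cmdline"].lower()
            for k in kids
        )
        findings.append({
            "cmd_pid": e["pid"],
            "wrapper_image": parent["image"] if parent else None,
            "script": script,
            "hides_script": hides_script,
            "checks_elevation": checks_elevation,
            "child_count": len(kids),
        })
    return findings


if __name__ == "__main__":
    for f in find_wrapper_chains(EVENTS):
        print(f)
```

The regex is anchored on the two-level .tmp directory rather than on the wrapper's file name, so it keeps matching when the dropper is renamed; the parent image is reported so the finding can be tied back to the sample hash from the General section. Only one finding is produced for the constructed events: the benign cmd /c dir control does not match.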

      Network

      MITRE ATT&CK Enterprise v15

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\4DB2.tmp\4DB3.tmp\4DB4.bat

        Filesize

        5KB

        MD5

        e7aec4d5923484d58a0ce39d5fe06821

        SHA1

        42ef26e0df2b35ef9785024ccdd8e480d9f8fcfb

        SHA256

        543d731315c946dd528ad823a318bd824258392d136d6b3aafbe6b2ed51ad884

        SHA512

        2ba731e8120bdc7f7bee610d297be76622bbf013347de576342441dcd525daa00d5ae9a201d55a79c2f9bc82db316fdda8be3cacadec072fb41a54f0fd63f3e0