Overview

overview

7

Static

static

3

keyloggers...or.exe

windows7-x64

7

keyloggers...or.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/05/2024, 00:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    keyloggerspymonitor.exe

  • Size

    3.1MB

  • MD5

    9c1e4b013dfb85305833827e71045b97

  • SHA1

    8f32f1384d3d3d23a6491fd7cc17dba7ab3da890

  • SHA256

    3f1e2f123c130e67437b745d9cb3189ce89a6bab826d246a3f43327d67356d74

  • SHA512

    1cca94f41e0602b98f0c5c19b02d0c25441fd0fd02c2947b50d10ac05f7f7ea5040719ed84000193904e502795e877e2a7b1269730cd05432621c66dcf31329a

  • SSDEEP

    49152:1q8/0osoM2z7YkwQyiuqFCc/ayq01KUNvyOgdDaU2Y33NQ9hbB7w3cb7/LVQ:IW00cIyipFpayXIUNyQu2hVDb7/C

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\keyloggerspymonitor.exe
    "C:\Users\Admin\AppData\Local\Temp\keyloggerspymonitor.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\Users\Admin\AppData\Local\Temp\is-H9QGN.tmp\keyloggerspymonitor.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-H9QGN.tmp\keyloggerspymonitor.tmp" /SL5="$401E0,3015137,54272,C:\Users\Admin\AppData\Local\Temp\keyloggerspymonitor.exe"
      2⤵
      • Executes dropped EXE
      PID:3516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-H9QGN.tmp\keyloggerspymonitor.tmp
    Filesize

    689KB

    MD5

    15430669556c2062ceadd5b125e8cea7

    SHA1

    276c5f36876a783a01ef10b9df39fa0efe3e296a

    SHA256

    64db719c67988b106bf2d1a5b842445e8ff9b6436be28bcaa0b8876d330f8168

    SHA512

    2c2a87d34922d747827a2c77813ebfe9923bdd80cd4be909f8da3c8a4dc3a079c049db74c8bc36edd38663ee4635cdd0fda4f9cd2adc3b40d426066611206f39

    Download Submit

  • memory/2328-2-0x0000000000401000-0x000000000040B000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2328-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2328-12-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3516-9-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/3516-13-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download