484b90ccdbc52d7c5284ec1c73d8e9d361e6eec2524ba6be82bab24f596d98f1

Analysis

max time kernel
143s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 14:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$_2_/DownloadManager.exe
Size

1.1MB
MD5

bac1287761471343e93022d5327828ef
SHA1

84d98d42d6bcc8654387bae74940443b95104562
SHA256

d8d6be0a9819a56ac2d845bc436def913b216c82988166fa34ffa6e4de034ce1
SHA512

898c54a68cb562c9f2c50f7a5773a6ff89c0d44ca3d43543332ea27f91949de39f0dabf1e4ff05667da9eb68540cd64ef89a2f8d45f50c8a58b1945217410ce8
SSDEEP

12288:bPZEUyw+5QxixdHPzy8LsxtX4vPyLwMDDG:bPZEdwvkxdHWLtXDLt+

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

Processes:

DownloadManager.exe

description	ioc	process
File created	C:\Windows\assembly\Desktop.ini	DownloadManager.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	DownloadManager.exe

Drops file in Windows directory 3 IoCs

Processes:

DownloadManager.exe

description	ioc	process
File opened for modification	C:\Windows\assembly	DownloadManager.exe
File created	C:\Windows\assembly\Desktop.ini	DownloadManager.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	DownloadManager.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

DownloadManager.exe

pid process

4700 DownloadManager.exe
4700 DownloadManager.exe

pid	process
4700	DownloadManager.exe
4700	DownloadManager.exe

C:\Users\Admin\AppData\Local\Temp\$_2_\DownloadManager.exe
"C:\Users\Admin\AppData\Local\Temp\$_2_\DownloadManager.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:4700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4700-0-0x00007FF96E345000-0x00007FF96E346000-memory.dmp

Filesize
4KB

Download
memory/4700-1-0x00007FF96E090000-0x00007FF96EA31000-memory.dmp

Filesize
9.6MB

Download
memory/4700-10-0x000000001C150000-0x000000001C168000-memory.dmp

Filesize
96KB

Download
memory/4700-13-0x000000001C660000-0x000000001CB2E000-memory.dmp

Filesize
4.8MB

Download
memory/4700-14-0x000000001CBD0000-0x000000001CC6C000-memory.dmp

Filesize
624KB

Download
memory/4700-15-0x00007FF96E090000-0x00007FF96EA31000-memory.dmp

Filesize
9.6MB

Download
memory/4700-16-0x00007FF96E090000-0x00007FF96EA31000-memory.dmp

Filesize
9.6MB

Download
memory/4700-17-0x000000001BC00000-0x000000001BC08000-memory.dmp

Filesize
32KB

Download
memory/4700-18-0x00007FF96E090000-0x00007FF96EA31000-memory.dmp

Filesize
9.6MB

Download
memory/4700-19-0x00007FF96E090000-0x00007FF96EA31000-memory.dmp

Filesize
9.6MB

Download
memory/4700-20-0x00007FF96E090000-0x00007FF96EA31000-memory.dmp

Filesize
9.6MB

Download
memory/4700-22-0x00007FF96E090000-0x00007FF96EA31000-memory.dmp

Filesize
9.6MB

Download
memory/4700-23-0x00007FF96E090000-0x00007FF96EA31000-memory.dmp

Filesize
9.6MB

Download
memory/4700-24-0x00007FF96E090000-0x00007FF96EA31000-memory.dmp

Filesize
9.6MB

Download
memory/4700-25-0x00007FF96E090000-0x00007FF96EA31000-memory.dmp

Filesize
9.6MB

Download
memory/4700-26-0x00007FF96E345000-0x00007FF96E346000-memory.dmp

Filesize
4KB

Download
memory/4700-27-0x00007FF96E090000-0x00007FF96EA31000-memory.dmp

Filesize
9.6MB

Download