f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5

General

Target

f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe
Size

5.9MB
MD5

4ee24eae57f3cf1bcc6bfcab3f2eef27
SHA1

304fb6a2add0d2ba849f3ee9a60fc6e1173fba54
SHA256

f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5
SHA512

278550a9d66dc9b097eea31fda0e0c145273bd97abbbfd543f6aaac721a247c89d0dcd91493988625bb8d9b045e25f467d557e941e42f3b0d8bcc0d0a0642721
SSDEEP

98304:XhUCd5V5Z8mRT4DaEYvX1xkEqNDWhHsETGMA+NNSMT9E1vWIK8mviYQR/aFLZinZ:XhUC3fTTEi1xkEqlWP5Ski1uI5mviXSy

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5_app.exe

pid process

2360 f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5_app.exe

Loads dropped DLL 2 IoCs

Processes:

f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exef2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe

pid	process
1556	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe
1560	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5_app.exe

pid	process
2360	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5_app.exe
2360	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5_app.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe

pid	process
1560	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe
1560	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe
1560	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe

Suspicious use of SendNotifyMessage 3 IoCs

Processes:

f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe

pid	process
1560	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe
1560	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe
1560	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exef2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exef2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5_app.exe

pid	process
1556	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe
1560	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe
1560	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe
2360	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5_app.exe
2360	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5_app.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exef2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe

description	pid	process	target process
PID 1556 wrote to memory of 1560	1556	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe
PID 1556 wrote to memory of 1560	1556	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe
PID 1556 wrote to memory of 1560	1556	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe
PID 1560 wrote to memory of 2360	1560	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5_app.exe
PID 1560 wrote to memory of 2360	1560	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5_app.exe
PID 1560 wrote to memory of 2360	1560	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe	f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5_app.exe

C:\Users\Admin\AppData\Local\Temp\f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe
"C:\Users\Admin\AppData\Local\Temp\f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1556

C:\Users\Admin\AppData\Local\Temp\f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe
C:\Users\Admin\AppData\Local\Temp\f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5.exe -a -d
2⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1560

C:\Users\Admin\AppData\Local\Temp\f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5_app.exe
"C:\Users\Admin\AppData\Local\Temp\f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5_app.exe"
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cyyundun.dll

Filesize
332KB

MD5
8722259b998800a37c3991c58ce64f96

SHA1
d370272422272eaf9aca8bc17ba9bcba1b83df70

SHA256
b115d63bee020042256019ee14fa0570483180e29c4deb7ed5b8fab522b05244

SHA512
867872e22769ecdba19daca70d6ef2bbb9e310abd90ddd1c3ff5b9a3375ef11488f1f7ac021c579ab58b7e8125c8bada584a1e96bb15fcee5837307cb64a6857

Download Submit
C:\Users\Admin\AppData\Local\Temp\f2c9cb8fd3bfb519af2f14be237c811552558755ba148fe174ffb65bbf9e20e5_app.exe

Filesize
2.8MB

MD5
4752dce77495666d331122a4aac240ae

SHA1
62d5ab87a07d388d4fce290631d2c70778a3abac

SHA256
d8574e6d7d12a6511abf942c5212275ab4286288f80e18979b83afbb3360a64b

SHA512
83150e95d23e3d50acc36112452dab7ee90101103f4a7b892b7a738dffdbf295ef2f690447424be449c022f78a3d71565fa04eca55dc8cbe6b27b0255c366c38

Download Submit
memory/1556-5-0x00000000743C0000-0x0000000074427000-memory.dmp

Filesize
412KB

Download
memory/1556-6-0x00000000743C0000-0x0000000074427000-memory.dmp

Filesize
412KB

Download
memory/1560-13-0x0000000073DF0000-0x0000000073E57000-memory.dmp

Filesize
412KB

Download
memory/1560-25-0x0000000073DF0000-0x0000000073E57000-memory.dmp

Filesize
412KB

Download
memory/2360-18-0x0000000000400000-0x0000000000BF1000-memory.dmp

Filesize
7.9MB

Download
memory/2360-19-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/2360-20-0x0000000000400000-0x0000000000BF1000-memory.dmp

Filesize
7.9MB

Download
memory/2360-22-0x0000000000400000-0x0000000000BF1000-memory.dmp

Filesize
7.9MB

Download
memory/2360-23-0x0000000000400000-0x0000000000BF1000-memory.dmp

Filesize
7.9MB

Download
memory/2360-24-0x0000000000400000-0x0000000000BF1000-memory.dmp

Filesize
7.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads