Analysis
Max time kernel: 118s
Max time network: 118s
Platform: windows7_x64
Resource: win7-20240220-en
Resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
Submitted: 24-05-2024 05:33
Behavioral task: behavioral1
Sample: f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694.exe
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694.exe
Resource: win10v2004-20240508-en
General
Target: f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694.exe
Size: 608KB
MD5: 1a697204865eb985cbe3fbf3371d907c
SHA1: 01cfef7a2c7c9e06cb491ceaf840c59126a45a67
SHA256: f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694
SHA512: a6c5e37f9a281cc322e15a988421e3c47d5b64ee7d045ae2d65cd9b2a9de80f06f4a2697a83368cc8967ed29fb384e85168b1328d16f05429f3585bf22360c94
SSDEEP: 12288:9BAsu/1OsCzbT7YebtN2rMFpouF0/DD0:yMzEgNPFpoz/0
Malware Config
Signatures
UPX dump on OEP (original entry point) (5 IoCs)
  resource | yara_rule
  behavioral1/memory/2932-0-0x0000000000400000-0x0000000000581000-memory.dmp | UPX
  behavioral1/files/0x0032000000013a88-8.dat | UPX
  behavioral1/memory/2964-10-0x0000000000400000-0x0000000000581000-memory.dmp | UPX
  behavioral1/memory/2932-11-0x0000000000400000-0x0000000000581000-memory.dmp | UPX
  behavioral1/memory/2964-12-0x0000000000400000-0x0000000000581000-memory.dmp | UPX

Executes dropped EXE (1 IoC)
  pid | Process
  2964 | function.exe

Loads dropped DLL (2 IoCs)
  pid | Process
  2932 | f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694.exe
  2932 | f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694.exe

  resource | yara_rule
  behavioral1/memory/2932-0-0x0000000000400000-0x0000000000581000-memory.dmp | upx
  behavioral1/files/0x0032000000013a88-8.dat | upx
  behavioral1/memory/2964-10-0x0000000000400000-0x0000000000581000-memory.dmp | upx
  behavioral1/memory/2932-11-0x0000000000400000-0x0000000000581000-memory.dmp | upx
  behavioral1/memory/2964-12-0x0000000000400000-0x0000000000581000-memory.dmp | upx

Drops file in Program Files directory (1 IoC)
  description | ioc | Process
  File created | C:\Program Files\depend\function.exe | f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694.exe

Suspicious use of SetWindowsHookEx (8 IoCs)
  pid | Process
  2932 | f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694.exe
  2932 | f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694.exe
  2932 | f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694.exe
  2932 | f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694.exe
  2964 | function.exe
  2964 | function.exe
  2964 | function.exe
  2964 | function.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2932 wrote to memory of 2964 | 2932 | f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694.exe | 28
  PID 2932 wrote to memory of 2964 | 2932 | f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694.exe | 28
  PID 2932 wrote to memory of 2964 | 2932 | f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694.exe | 28
  PID 2932 wrote to memory of 2964 | 2932 | f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694.exe"
  PID: 2932
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files\depend\function.exe
    Command line: "C:\Program Files\depend\function.exe" "33201"
    PID: 2964
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 608KB
MD5: aa2095fd87c6460da3987eaa3a6bf305
SHA1: d25d77e590220157a0e161e7784fff584e0d3f52
SHA256: cac29efb5440bda97328c4cd75fcf68e0b15f7b932b82758ada436c1a3a883ce
SHA512: a32e15fca730233d1c251f2bfc79ca8927ef8fe9db6882be958ef7dd8fed98628124b7bf577b7e1a02d7fb54f5ad8b1b1e062cc5b1cd9d45aa6a0b6a69375c0a