Analysis
max time kernel: 74s
max time network: 70s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-05-2024 23:02
Static task: static1 (1 signatures)
Behavioral task: behavioral1
  Sample: Hook.exe
  Resource: win7-20240508-en (windows7-x64)
  4 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: Hook.exe
  Resource: win10v2004-20240426-en (windows10-2004-x64)
  3 signatures, 150 seconds
General
Target: Hook.exe
Size: 446KB
MD5: 28535711673ba8e4251327e0c5dcb04b
SHA1: 2f4005a8acadbcae06f472a7b171835337ab2c63
SHA256: b4a70be15508ac80e7bac8970376919e2a12e3a2e5627c1587c362e0a2cb30de
SHA512: 84d4050bd97e2f0db490988f801d0a81041ac989c0627a69d52a175e4d9e12ab1304e501e20ad10a237fa25c3d592b490ec6a25e19b4baf12fea7c39c30cd407
SSDEEP: 6144:enCJxbwrfRrxTKCQhf5erJegNhxvDuiAe9YQU1jVdglRNfn7Tvh5XGZa64RS9Rjo:eCjMrfchxmsBjVdgJfnrG0Rhgu89A
Score: 3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid | Process
  3152 | Hook.exe (64 identical entries)
- Suspicious use of WriteProcessMemory (6 IoCs)
  description | pid | Process | procid_target
  PID 3152 wrote to memory of 2460 | 3152 | Hook.exe | 83
  PID 3152 wrote to memory of 2460 | 3152 | Hook.exe | 83
  PID 3152 wrote to memory of 2364 | 3152 | Hook.exe | 90
  PID 3152 wrote to memory of 2364 | 3152 | Hook.exe | 90
  PID 3152 wrote to memory of 4024 | 3152 | Hook.exe | 96
  PID 3152 wrote to memory of 4024 | 3152 | Hook.exe | 96
Processes
- C:\Users\Admin\AppData\Local\Temp\Hook.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Hook.exe"
  PID: 3152
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - C:\Windows\explorer.exe
    Command line: "C:\Windows\explorer.exe"
    PID: 2460
  - C:\Windows\system32\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c start C:\Windows\System32\dxd32s.exe
    PID: 2364
  - C:\Windows\system32\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c start C:\Windows\System32\dxd32s.exe
    PID: 4024