ef285ea4242236a8140884a57b2746f61484ab74cc920d664d4b4a3ef38e0979

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef285ea4242236a8140884a57b2746f61484ab74cc920d664d4b4a3ef38e0979.exe
Size

6.3MB
MD5

aaf2cf01414d472a325da54c097d29c8
SHA1

b2c362af31f12a22d5173a4bd193ac73550da757
SHA256

ef285ea4242236a8140884a57b2746f61484ab74cc920d664d4b4a3ef38e0979
SHA512

422838328315bf97401590f45e60aefed5afdd2ed3cd1629be16d599f2eae418f5f92ecdb6739682d7b5dd898a6e9f5a67a50e59f3a733f4152965be31054c3b
SSDEEP

196608:eVrsO33vp+x7YvGq6GRyPN+l3/kuxZJE:e9/33vp+x7qzywl3/kuZJ

Score

9^/10

oss_ak

Malware Config

Signatures

detect oss ak 4 IoCs

oss ak information detected.

oss_ak

Processes:

resource	yara_rule
behavioral1/memory/2532-0-0x0000000000400000-0x0000000001574000-memory.dmp	detect_ak_stuff
behavioral1/memory/2532-3-0x0000000000400000-0x0000000001574000-memory.dmp	detect_ak_stuff
behavioral1/memory/2532-4-0x0000000000400000-0x0000000001574000-memory.dmp	detect_ak_stuff
behavioral1/memory/2532-664-0x0000000000400000-0x0000000001574000-memory.dmp	detect_ak_stuff

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

ef285ea4242236a8140884a57b2746f61484ab74cc920d664d4b4a3ef38e0979.exe

pid process

2532 ef285ea4242236a8140884a57b2746f61484ab74cc920d664d4b4a3ef38e0979.exe

pid	process
2532	ef285ea4242236a8140884a57b2746f61484ab74cc920d664d4b4a3ef38e0979.exe

C:\Users\Admin\AppData\Local\Temp\ef285ea4242236a8140884a57b2746f61484ab74cc920d664d4b4a3ef38e0979.exe
"C:\Users\Admin\AppData\Local\Temp\ef285ea4242236a8140884a57b2746f61484ab74cc920d664d4b4a3ef38e0979.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2532

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\AntiPlugCfg.ini
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\AntiPlugCfg.ini
Filesize
1KB

MD5
4f1331dd69faa9292698b3523dbdfa8f

SHA1
726e1162628e92ef557cf626bb6731f75013d163

SHA256
8663acbefbd072a154c61d014322cf31c2777bd88d292acfee7c07f664cadd2a

SHA512
f34b4141d6e1460c08d3457c1d570f98b7f44ab7eab8fdc6a560f808102266ada6a6e89982d050306d834f9ef9a3cb75e9e31b5200a1eee07cac3677640ae470

Download Submit
C:\Users\Admin\AppData\Local\Temp\AntiPlugCfg.ini
Filesize
3KB

MD5
677756e04d6203d1f3981ed7313ba353

SHA1
70e3d62138c81724b3e145d1cd83911f45273e31

SHA256
c65e0a5492380fb1403932e0df0001f56b9ec98fcf445666b0447164634b95d6

SHA512
4ed8d6ab87083e75c2349fbe56fb04c179d5145bb3b05b8902d00fb56ecba734429180dc48e51eb12f3046ab389cc2df7c81d5aba3ca0f5537909c817f98b31a

Download Submit
C:\Users\Admin\AppData\Local\Temp\AntiPlugCfg.ini
Filesize
4KB

MD5
2958b994852c6742641982eb5b4fc9ba

SHA1
2982f11ee2537fe4a4c8d3c030caad044c41f96a

SHA256
ed369bf5c86043802c7e07d888e296f6892de3fd46bf3af8e83b327da5dafed8

SHA512
c6ddc03062253376c9e4dadc324735d8aedcd118ea606795e6a454d68bf624fa83d4e0bfce2f16ba39e8ca47f73fe7dc712ed9e8ce3393d90cc52540db7e54ae

Download Submit
memory/2532-0-0x0000000000400000-0x0000000001574000-memory.dmp

Filesize
17.5MB

Download
memory/2532-3-0x0000000000400000-0x0000000001574000-memory.dmp

Filesize
17.5MB

Download
memory/2532-2-0x0000000000B90000-0x0000000000EF7000-memory.dmp

Filesize
3.4MB

Download
memory/2532-4-0x0000000000400000-0x0000000001574000-memory.dmp

Filesize
17.5MB

Download
memory/2532-664-0x0000000000400000-0x0000000001574000-memory.dmp

Filesize
17.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads