Overview

overview

7

Static

static

7

CORE10k.exe

windows7-x64

7

CORE10k.exe

windows10-2004-x64

7

data/program1.exe

windows7-x64

7

data/program1.exe

windows10-2004-x64

7

data/zip.dll

windows7-x64

1

data/zip.dll

windows10-2004-x64

3

keygen.exe

windows7-x64

7

keygen.exe

windows10-2004-x64

7

访问零�...��.url

windows7-x64

1

访问零�...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    04-06-2024 03:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    keygen.exe

  • Size

    228KB

  • MD5

    cf067a42232fd3ccabd7d7701a1f4ceb

  • SHA1

    67448758d281a2a76a157e7457b6a9745a230e6b

  • SHA256

    c6cef3d9ce6cad8aae5927416b0b3e13c3830ca6f2e0ca74ee49bf2283f42087

  • SHA512

    57255dfeae555e1ec7636341286f7b5112336fdd5e32de4a0632ef74a2eee209836fb1de6b44885b908b4f60e31e47f0b10a2704e6b54360189331e1712e568a

  • SSDEEP

    6144:wIzJc1Fro0Xrhor1Ok4xbU5B1KP/o2RaTi8k+jsk4Gunb:wec1W0bhK1t4xYJKA8G+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\keygen.exe
    "C:\Users\Admin\AppData\Local\Temp\keygen.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\Users\Admin\AppData\Local\Temp\keygen1.exe
      C:\Users\Admin\AppData\Local\Temp\keygen1.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\BzHupRgxIzgfRcidGOto.DLL
    Filesize

    35KB

    MD5

    76a9565c5f51775719eebda1f25530a5

    SHA1

    332feae4dba6b4a93bebea7a881a0fa758891091

    SHA256

    a1a7c4f74d4fe7784ed03709e5f946b94cc10a64e3ae0ad5a9a3bece9a8a2c0a

    SHA512

    79c9af704d1626cad9d44470585baf8d5f082b5d77c285fc6ae4862e99439f838fe9b1e745f8f2487fa64d5d7304954f66d0cef222db4dc9095a7294172094e9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\CqpGfgSxst.DLL
    Filesize

    33KB

    MD5

    e4ec57e8508c5c4040383ebe6d367928

    SHA1

    b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

    SHA256

    8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

    SHA512

    77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

    Download Submit

  • \Users\Admin\AppData\Local\Temp\keygen1.exe
    Filesize

    212KB

    MD5

    f330aa9230a65eb0482ff74c084d73e2

    SHA1

    df89f5f51d4941fb2d23e07583ca71aa0ca78248

    SHA256

    1c25b23b78586d4a66aef9950ea00235663e333f6f619c35896ad580e794ec34

    SHA512

    8841422bb32160f6dfc71bc1d1690ee5b231303e7735872c4ca8dd66d503ca3e719d74b2bcd8acb319ae7c39b288773f5bab7ee80345da76c63ff282d8967778

    Download Submit

  • \Users\Admin\AppData\Local\Temp\orEVKrFqYFkrQSBfSSAI.DLL
    Filesize

    12KB

    MD5

    e6144fb36c1fdc6ba1d1afa9632588f8

    SHA1

    c4964264c6600fde210a644b639e2ea25ecb67e6

    SHA256

    b141412d0611571df381c26186b3fc438c725d6e45ad66fd76413322c17a9ac6

    SHA512

    400ca4e2ad987a88429da21d795f7365bd230ed4225e19b7841dcc09606e0afde2f3cc31aa8be4ee83dd3c6b0339cb2c13953523bdc8d2f547d953c6c6c8d339

    Download Submit

  • memory/2960-39-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2960-27-0x0000000002BE2000-0x0000000002BE3000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2960-8-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2960-40-0x0000000002BD0000-0x0000000002BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2960-26-0x0000000002BD0000-0x0000000002BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2960-28-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2960-29-0x0000000000220000-0x0000000000223000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2960-30-0x0000000002BD0000-0x0000000002BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2960-32-0x0000000002BD0000-0x0000000002BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2960-31-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2960-33-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2960-34-0x0000000002BD0000-0x0000000002BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2960-35-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2960-36-0x0000000002BD0000-0x0000000002BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2960-37-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2960-38-0x0000000002BD0000-0x0000000002BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2960-9-0x0000000000220000-0x0000000000223000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2960-42-0x0000000002BD0000-0x0000000002BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2960-10-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2960-41-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2960-43-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2960-44-0x0000000002BD0000-0x0000000002BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2960-46-0x0000000002BD0000-0x0000000002BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2960-45-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2960-47-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2960-48-0x0000000002BD0000-0x0000000002BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2960-49-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2960-50-0x0000000002BD0000-0x0000000002BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2960-51-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2960-52-0x0000000002BD0000-0x0000000002BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2960-53-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2960-54-0x0000000002BD0000-0x0000000002BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2960-55-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2960-56-0x0000000002BD0000-0x0000000002BE3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2960-57-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2960-58-0x0000000002BD0000-0x0000000002BE3000-memory.dmp

    Filesize

    76KB

    Download