Analysis
- max time kernel: 142s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06/06/2024, 20:33
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: 6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe
  Resource: win7-20240220-en
- Behavioral task: behavioral2
  Sample: 6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe
  Resource: win10v2004-20240226-en
General
- Target: 6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe
- Size: 2.2MB
- MD5: c8e59f75cb74e2a8d644368d5a06ca68
- SHA1: 562af1976898764ffc35df1d523e98fa95630e8a
- SHA256: 6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c58
- SHA512: 74a6bd15ed411d3ce70ecd40e71f09aec019752cfc004a1adf5e738ef6a448249d47cca82064c80fdc4ab70a6ce5268bdf0957cbbe6901488728427ea3dde127
- SSDEEP: 49152:W2+BF5f37D5to87s3Kv3mqI6VeOMjUfkptVxIyijdTB:W2+BFB3X7oMs3Kv3mjUu5SB
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 4020  Process 6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 4020  Process 6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe
  pid 4020  Process 6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4176 wrote to memory of 4020  pid 4176  Process 6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe  procid_target 91
  description: PID 4176 wrote to memory of 4020  pid 4176  Process 6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe  procid_target 91
  description: PID 4176 wrote to memory of 4020  pid 4176  Process 6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe  procid_target 91
Processes
- C:\Users\Admin\AppData\Local\Temp\6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe"
  PID: 4176
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\jds240649593.tmp\6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\jds240649593.tmp\6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe"
    PID: 4020
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
  PID: 4936
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\jds240649593.tmp\6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe
  Filesize: 1.9MB
  MD5: a9b69edaaf925ea6a71679d9a0f56266
  SHA1: efe45a8e10c3d559b4800b0974f65bf0e87c747b
  SHA256: e37988551194fccbbb82fc0a159a9b9abb242cdaed14a331cbceb0f5195e18f4
  SHA512: 663f2dc7a6faa7c2a0db5ad3d60b9e0909543b77285a048a1b3c7b20d3cd2a8607202bfc8a0d4b597ec517a7b0ed01f446a4a9c722a750a07f5ece56dff74e23
- Filesize: 155KB
  MD5: 78b78e62138b62b5b3c926a9a7879298
  SHA1: 412c27e017ca8260641a657f42d22f168962cdbb
  SHA256: 29318e9dd6e7ff615927c2bb13d4ac1d4a2cdda2443114cf0eadca351b0d9b8c
  SHA512: e40bc1a1832289687ee6f2336a09c7fece9e2b0843b3cb877c88c887e61d7d613884a65630401bac858869af79c6d3065495898ec1ae1fcca5b59f92ab52018b
- Filesize: 154KB
  MD5: b7bed3865cd41784eaab397e2e768c89
  SHA1: 751929c47c730d4e3ee12515a9afbe6dfbf3ebef
  SHA256: 5bc05150d463674aede8332ace368dd60709a47bd428fad5b80ead5906d575bb
  SHA512: 25bc96486b338d6921a5371230fd3acfc98916ad58ce78bef1ba8df755d4390c21129d5e5631d0478363667682a8c4421bf4a2ba32c75270b4433ba144240181