Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/06/2024, 20:33

General

  • Target

    6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe

  • Size

    2.2MB

  • MD5

    c8e59f75cb74e2a8d644368d5a06ca68

  • SHA1

    562af1976898764ffc35df1d523e98fa95630e8a

  • SHA256

    6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c58

  • SHA512

    74a6bd15ed411d3ce70ecd40e71f09aec019752cfc004a1adf5e738ef6a448249d47cca82064c80fdc4ab70a6ce5268bdf0957cbbe6901488728427ea3dde127

  • SSDEEP

    49152:W2+BF5f37D5to87s3Kv3mqI6VeOMjUfkptVxIyijdTB:W2+BFB3X7oMs3Kv3mjUu5SB

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe
    "C:\Users\Admin\AppData\Local\Temp\6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4176
    • C:\Users\Admin\AppData\Local\Temp\jds240649593.tmp\6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe
      "C:\Users\Admin\AppData\Local\Temp\jds240649593.tmp\6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4020
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:4936

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Temp\jds240649593.tmp\6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe

    Filesize
    1.9MB

    MD5
    a9b69edaaf925ea6a71679d9a0f56266

    SHA1
    efe45a8e10c3d559b4800b0974f65bf0e87c747b

    SHA256
    e37988551194fccbbb82fc0a159a9b9abb242cdaed14a331cbceb0f5195e18f4

    SHA512
    663f2dc7a6faa7c2a0db5ad3d60b9e0909543b77285a048a1b3c7b20d3cd2a8607202bfc8a0d4b597ec517a7b0ed01f446a4a9c722a750a07f5ece56dff74e23

  • C:\Users\Admin\AppData\Local\Temp\jusched.log

    Filesize
    155KB

    MD5
    78b78e62138b62b5b3c926a9a7879298

    SHA1
    412c27e017ca8260641a657f42d22f168962cdbb

    SHA256
    29318e9dd6e7ff615927c2bb13d4ac1d4a2cdda2443114cf0eadca351b0d9b8c

    SHA512
    e40bc1a1832289687ee6f2336a09c7fece9e2b0843b3cb877c88c887e61d7d613884a65630401bac858869af79c6d3065495898ec1ae1fcca5b59f92ab52018b

  • C:\Users\Admin\AppData\Local\Temp\jusched.log

    Filesize
    154KB

    MD5
    b7bed3865cd41784eaab397e2e768c89

    SHA1
    751929c47c730d4e3ee12515a9afbe6dfbf3ebef

    SHA256
    5bc05150d463674aede8332ace368dd60709a47bd428fad5b80ead5906d575bb

    SHA512
    25bc96486b338d6921a5371230fd3acfc98916ad58ce78bef1ba8df755d4390c21129d5e5631d0478363667682a8c4421bf4a2ba32c75270b4433ba144240181