Analysis
- max time kernel: 138s
- max time network: 123s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-06-2024 09:00
Behavioral task: behavioral1
- Sample: 87e49262d86ee72df3856749f27027da1b43b849703c720e88c96c7458f2b7f8.exe
- Resource: win7-20240221-en
General
- Target: 87e49262d86ee72df3856749f27027da1b43b849703c720e88c96c7458f2b7f8.exe
- Size: 15.2MB
- MD5: 166d53e5f34bba07c43ec5f57f499df9
- SHA1: b2494362acdd8483803112ee2ce7dac22ef2840b
- SHA256: 87e49262d86ee72df3856749f27027da1b43b849703c720e88c96c7458f2b7f8
- SHA512: 7153a8fb3e7ae034c895c409300f49fa6f76630eb11ad08d0dfe94d0dc35aa1ba79c90739be173c42eaa9cb97581f84f30909378a5b8b986ff88e029bf82628e
- SSDEEP: 393216:wv1qC3C5hVp3QY+MzcJyRS8zPnfKQgyEIp0m:wtqCut3QY5zoZygX5m
Malware Config
Signatures
- Loads dropped DLL (1 IoCs)
  pid   Process
  4344  87e49262d86ee72df3856749f27027da1b43b849703c720e88c96c7458f2b7f8.exe
- yara_rule: upx
  resource
  behavioral2/memory/4344-48-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-52-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-50-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-46-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-44-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-42-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-40-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-38-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-36-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-32-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-30-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-28-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-26-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-24-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-22-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-18-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-16-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-14-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-12-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-11-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-34-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-20-0x0000000010000000-0x000000001003E000-memory.dmp
  behavioral2/memory/4344-10-0x0000000010000000-0x000000001003E000-memory.dmp
- yara_rule: vmprotect
  resource
  behavioral2/memory/4344-6-0x0000000000400000-0x000000000230E000-memory.dmp
  behavioral2/memory/4344-54-0x0000000000400000-0x000000000230E000-memory.dmp
  behavioral2/memory/4344-55-0x0000000000400000-0x000000000230E000-memory.dmp
  behavioral2/memory/4344-66-0x0000000000400000-0x000000000230E000-memory.dmp
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process
  4344  87e49262d86ee72df3856749f27027da1b43b849703c720e88c96c7458f2b7f8.exe
  4344  87e49262d86ee72df3856749f27027da1b43b849703c720e88c96c7458f2b7f8.exe
  4344  87e49262d86ee72df3856749f27027da1b43b849703c720e88c96c7458f2b7f8.exe
  4344  87e49262d86ee72df3856749f27027da1b43b849703c720e88c96c7458f2b7f8.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid   Process
  4344  87e49262d86ee72df3856749f27027da1b43b849703c720e88c96c7458f2b7f8.exe
  4344  87e49262d86ee72df3856749f27027da1b43b849703c720e88c96c7458f2b7f8.exe
  4344  87e49262d86ee72df3856749f27027da1b43b849703c720e88c96c7458f2b7f8.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\87e49262d86ee72df3856749f27027da1b43b849703c720e88c96c7458f2b7f8.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\87e49262d86ee72df3856749f27027da1b43b849703c720e88c96c7458f2b7f8.exe"
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID: 4344
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 2.1MB
  MD5: c091a823c41bb5bc6c5a1ab6c926504c
  SHA1: 7b358a9211f8f5e3ce22f38075caf605fc4d2032
  SHA256: c58334cb8bd8e7a2c998d0717fff8bacbd873ab949e40a0e5f053dd51b67cca4
  SHA512: 742ea0c78115f602c16a793d6d34ea97f0ff8bd4fc1ab28b90b7b7a3dc6fe6b921615ce97c0b23839e18f632d8e09f4319052de532dd9d31b70a22f12b7cc68d