f31d6096941c0eaba9b0564a3137a129031182b9203f0338f6333439e96445ce | Triage

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 23:28

Sharing

Report Analysis Logs

General

Target

DClient.exe
Size

397KB
MD5

debfd3046e8d276a4158d0ae8b1fef62
SHA1

6c24c8b318be0c7b6119454d5ca1b0a9e98dfc5f
SHA256

7e378eeee97904608c7d7092be04fd4db5ccd07633c70e120380d251138acb9d
SHA512

c6150ee1b3da84bc5684522d968031bd9e75f38823da3975f305df7234dbc47868701bab4d8f59700cd0d084fd1cfdbfe829c0d119d8788c83df50bdf6f737a0
SSDEEP

12288:q0gOH02VwZLCHNpiejRpkxQFtbGA4itu5faB:q0TBELCtpie15taAzu5u

Score

1^/10

Malware Config

Signatures

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe
2924	DClient.exe

C:\Users\Admin\AppData\Local\Temp\DClient.exe
"C:\Users\Admin\AppData\Local\Temp\DClient.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2924-0-0x0000000000400000-0x000000000050F000-memory.dmp

Filesize
1.1MB

Download
memory/2924-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2924-2-0x0000000000400000-0x000000000050F000-memory.dmp

Filesize
1.1MB

Download
memory/2924-3-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download