Overview

overview

10

Static

static

10

f1f3466784...07.exe

windows7-x64

7

f1f3466784...07.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    07-07-2024 01:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f1f3466784f8757113fa3fc2f742b04202cb98cfa3e92f1b26c001bfcff2d207.exe

  • Size

    139.7MB

  • MD5

    ab32fa6aaaf27e833cc65317b8fd6e98

  • SHA1

    61b339765f53729fcd5a6631e7ef833de9dccad0

  • SHA256

    f1f3466784f8757113fa3fc2f742b04202cb98cfa3e92f1b26c001bfcff2d207

  • SHA512

    5338550de90d654400ed051670ef3670f17c3279777fab65da9a4afd87caffeac8466b5700b58ef99e3c627959c87c3a4db5a9a0dfa34a8afa9387e3cf402271

  • SSDEEP

    786432:wMBFPmYEDLVqSOqZDq+ybW1h4uyrzMVX9yvjBIA1toV+dUbWN3KPqiVslIBKOMxT:wRYcLQvqkWLYUNw91toV+dgTVBZo

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f1f3466784f8757113fa3fc2f742b04202cb98cfa3e92f1b26c001bfcff2d207.exe
    "C:\Users\Admin\AppData\Local\Temp\f1f3466784f8757113fa3fc2f742b04202cb98cfa3e92f1b26c001bfcff2d207.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system certificate store
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2088

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\.net\f1f3466784f8757113fa3fc2f742b04202cb98cfa3e92f1b26c001bfcff2d207\VkQR+XbK6hQojWx_lxl3Qp7ozg0URKc=\Melanchall_DryWetMidi_Native64.dll
    Filesize

    65KB

    MD5

    42b0ac2ff31833a75a04c50d2b393a6f

    SHA1

    b9f4cc5ff0622ac7a126a6ed6a5be86fc72f9e33

    SHA256

    2debc5d1046f513db6a920c29b16de23ee29fd713a3447ce4c3d97313e0d3547

    SHA512

    a454e4cb43eb18edef3a45a6720eb575c2ed2b497fc4deffa9a51e8f5bdfa805a007e6c10a496f03cd0f6e0a8c7ccd4b76d398521c163306fa09fe2df29f31e4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\f1f3466784f8757113fa3fc2f742b04202cb98cfa3e92f1b26c001bfcff2d207\VkQR+XbK6hQojWx_lxl3Qp7ozg0URKc=\av_libglesv2.dll
    Filesize

    4.2MB

    MD5

    73d2fb4c35d323813a86e3bf5c85c345

    SHA1

    81f751a34e0c25bdea93902a19a94a49ce1495df

    SHA256

    85b3aee47c0e0eaf3a5ea5c75ba8131387a12639b6a0ef280c28531fb77695ae

    SHA512

    e81677cc9b99ff3d54f67000a60489603e01a896f90c4ef0c883b82e2fdb7b90d2899c078958b3f060a20373b99cb6c4deb7f64cc4c7e0ba2a708209f4684ca4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\f1f3466784f8757113fa3fc2f742b04202cb98cfa3e92f1b26c001bfcff2d207\VkQR+XbK6hQojWx_lxl3Qp7ozg0URKc=\libHarfBuzzSharp.dll
    Filesize

    1.5MB

    MD5

    f121a2afb03f1b8ca1784e544464a346

    SHA1

    9346297a66989dbe88bc459ee8bf936e7acb3d24

    SHA256

    f13d0dae00a598620a436fd991219a2e0fe6157eac90faa025d4d76845cd996c

    SHA512

    ebbb8c2d7d97521286af0f6b02195890b193e660a28e6b1e5112ed9f1fcc081c66587a7a82c8a9468d1a55d477880487d1b3edf1deb2ea285e17d70fbd56c6f1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\f1f3466784f8757113fa3fc2f742b04202cb98cfa3e92f1b26c001bfcff2d207\VkQR+XbK6hQojWx_lxl3Qp7ozg0URKc=\libSkiaSharp.dll
    Filesize

    9.0MB

    MD5

    26d723bd75b5c6591dfde18b71281920

    SHA1

    47c05d42af2968f83877bb9cbf744c938489f466

    SHA256

    2ca940b7c4621ecd27d2f07c5f46fafa0375f493692cd4e6e1e66c07fbc8109a

    SHA512

    90bbdd48588616177354402b91a3fac363f8eb7959af570e6cee1174eeab950077b71ed47645262daf0957ced5b90b3aa5a7146a5d04d52b5c7975a5d31c5ef7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\f1f3466784f8757113fa3fc2f742b04202cb98cfa3e92f1b26c001bfcff2d207\VkQR+XbK6hQojWx_lxl3Qp7ozg0URKc=\portaudio.dll
    Filesize

    171KB

    MD5

    680ce7668780d32fbe25ad50ab4a45a1

    SHA1

    233e8bf31e7f571165419f2470bcfc6fed880c61

    SHA256

    b9b1d1dc5d05ad593325d38fb6f232d89bc326d6177da394b5f8fd5836abaac6

    SHA512

    d3d4fb79fbcafcab9d5361e6e47ec48947d1c8ae1bb5355544bc2f79522c62d753abbc0e1418d275300d9f597773139df9164c46b2e2b8640f2a448489c42d53

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\f1f3466784f8757113fa3fc2f742b04202cb98cfa3e92f1b26c001bfcff2d207\VkQR+XbK6hQojWx_lxl3Qp7ozg0URKc=\uiohook.dll
    Filesize

    647KB

    MD5

    05481d7a12e3dda1b46cd938eeca069c

    SHA1

    721ef7e9ef75b0eb7045fb2651e036c83748fc92

    SHA256

    cdd570722eec0beb4b7b79f99d1501a34f88b868b2dd1fdf4d7a1441dbc6c918

    SHA512

    7b552aeeaf556a5cd097e9abfdf780e3c5b303e440fc6815410e125744177a98045c93df135668733e045b592a51dbc61d9f93baecabc2c821854c23825cde74

    Download Submit

  • memory/2088-16-0x000000013FCDE000-0x000000013FCDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2088-14-0x0000000180000000-0x0000000180A25000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/2088-39-0x000007FEF49B0000-0x000007FEF49C5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2088-40-0x000000013FCDE000-0x000000013FCDF000-memory.dmp

    Filesize

    4KB

    Download