Overview

overview

7

Static

static

3

00b8eac62e...0N.exe

windows7-x64

7

00b8eac62e...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-07-2024 12:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    00b8eac62e2e5a484299311bd59591f0N.exe

  • Size

    29KB

  • MD5

    00b8eac62e2e5a484299311bd59591f0

  • SHA1

    8d2e4fd8528867ceb0be9debaf319eb7ad461b76

  • SHA256

    c7ee707579cff8451ed8a7f1ba5584745c59ddf1c1a5abd427c7ca073706677a

  • SHA512

    e930ced69c3297398ebbd7b2ef67414bbeb4a8cb0f11e1b86a9cbc2bc9dc7dfca58277c99dc4e48e0808c3dd90732d48cb9643c4d8f4b45bcf0d35d594ededd4

  • SSDEEP

    384:v/4LNJY74JwOllSBQmrb0i5PrmqHIKpa54b5f0iws0wGo+3:v/qSamrxDmqoKM4Z0iwtwfA

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\00b8eac62e2e5a484299311bd59591f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\00b8eac62e2e5a484299311bd59591f0N.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4616
    • C:\Users\Admin\AppData\Local\Temp\2024072112.exe
      C:\Users\Admin\AppData\Local\Temp\2024072112.exe down
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1424
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\del.bat
      2⤵
        PID:4872

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\2024072112.exe
      Filesize

      29KB

      MD5

      006e4950c0f80bc1f38757feb8192256

      SHA1

      6f7d810e1c352dee8cedc12236abe6b50e873e7a

      SHA256

      9114d4a55680f5a85d21367250c7936f6d5045186aff4edc782a38db14acb7c4

      SHA512

      e5fae47292dfb28bdb0a6f7e30ee71f45f1b23db131a2ad030aba47f1308e397389d9c789b927c04266de542260483fa14a121db624ca083efd10e22c6a5bc05

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\del.bat
      Filesize

      174B

      MD5

      6fc905cc0c4bab104eb85418413fa1e9

      SHA1

      037fb2cf2ef13c586007a9a8f08515ba1561e3d7

      SHA256

      13293e1c5ffaf9208389321d7fe7dc646487101acf04e5cbae10c363baa4cfaf

      SHA512

      3eb2ed31a5447153a6df5fe380b41157ff689c16fb97bba2987670e27ace61aec120398959960efea87dc05366bdd99fafa143a534e39c8a6b752c86b1707cf0

      Download Submit

    • memory/1424-14-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

      Download