Analysis
  max time kernel: 120s
  max time network: 121s
  platform: windows7_x64
  resource: win7-20240708-en
  resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  submitted: 14/10/2024, 17:49
Behavioral task: behavioral1
  Sample: ESET-KeyGen_v1.5.2.2_win64.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: ESET-KeyGen_v1.5.2.2_win64.exe
  Resource: win10v2004-20241007-en
General
  Target: ESET-KeyGen_v1.5.2.2_win64.exe
  Size: 15.7MB
  MD5: 1f40238a453f1491adb09dcebb466ec7
  SHA1: a397b206587f678f0300eb2e4cbd3be30fb13f6b
  SHA256: 79df63ae8fd06de2e2e5420d27619ae7ea13ff9361d336aa379718ab4ca63f60
  SHA512: 60d3af62f2ac4c8e193e61200615c5c7cb8e78d6a1772bedc24939bf735eacf81dbc78ee7d478ba2e8234c1815298f7238c3d335146e04e97d6e15574a204a9a
  SSDEEP: 393216:n1ROEL2Vmd6mM0GzajJZfVQEH4/EuJDzWShYqkHjXWPqIa+c:NyVmdEEvHKXJDiSSjXuqUc
Malware Config
Signatures
  Loads dropped DLL (7 IoCs)
    pid   Process
    2560  ESET-KeyGen_v1.5.2.2_win64.exe   (7 identical entries)
  Suspicious use of WriteProcessMemory (3 IoCs)
    description                         pid   Process                          procid_target
    PID 2444 wrote to memory of 2560    2444  ESET-KeyGen_v1.5.2.2_win64.exe   31   (3 identical entries)
Processes
  C:\Users\Admin\AppData\Local\Temp\ESET-KeyGen_v1.5.2.2_win64.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\ESET-KeyGen_v1.5.2.2_win64.exe"
    PID: 2444
    Signatures: Suspicious use of WriteProcessMemory
    Child process:
      C:\Users\Admin\AppData\Local\Temp\ESET-KeyGen_v1.5.2.2_win64.exe
        Command line: "C:\Users\Admin\AppData\Local\Temp\ESET-KeyGen_v1.5.2.2_win64.exe"
        PID: 2560
        Signatures: Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads