Overview
overview
10Static
static
10Pvt Hooks.rar
windows7-x64
7Pvt Hooks.rar
windows10-2004-x64
8Pvt Hooks/Read.txt
windows7-x64
1Pvt Hooks/Read.txt
windows10-2004-x64
1Pvt Hooks/...us.dll
windows7-x64
1Pvt Hooks/...us.dll
windows10-2004-x64
1Pvt Hooks/...or.exe
windows7-x64
7Pvt Hooks/...or.exe
windows10-2004-x64
8.pyc
windows7-x64
3.pyc
windows10-2004-x64
3Analysis
-
max time kernel
117s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
30/11/2024, 06:10
Behavioral task
behavioral1
Sample
Pvt Hooks.rar
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Pvt Hooks.rar
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Pvt Hooks/Read.txt
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Pvt Hooks/Read.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Pvt Hooks/ascendhookopus.dll
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
Pvt Hooks/ascendhookopus.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Pvt Hooks/injector.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
Pvt Hooks/injector.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
.pyc
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
.pyc
Resource
win10v2004-20241007-en
General
-
Target
Pvt Hooks/injector.exe
-
Size
7.5MB
-
MD5
5ac349d31df2f8659f3cbafb6c364d63
-
SHA1
6b897500c22044917fae28b0bfacdf06fb2c9a81
-
SHA256
38fe07cf164f35010e97497f66a0435b77b625e69a4c211c8c3b111c4afedf5a
-
SHA512
dea18006743d2e2abfd647f43d24e263aa3725eed1e61b53610fa4f85b7882aced03122dfb7c002e78930772a264befe03568404b62ca50cf290f4734bcf7bb2
-
SSDEEP
196608:eNxHcLjv+bhqNVoBLD7fEXEoYbiIv9pvvk9fIiZ1ju:GsL+9qz8LD7fEUbiIqQgpu
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid Process 2276 injector.exe -
resource yara_rule behavioral7/files/0x0006000000016d73-21.dat upx -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2328 wrote to memory of 2276 2328 injector.exe 31 PID 2328 wrote to memory of 2276 2328 injector.exe 31 PID 2328 wrote to memory of 2276 2328 injector.exe 31
Processes
-
C:\Users\Admin\AppData\Local\Temp\Pvt Hooks\injector.exe"C:\Users\Admin\AppData\Local\Temp\Pvt Hooks\injector.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2328 -
C:\Users\Admin\AppData\Local\Temp\Pvt Hooks\injector.exe"C:\Users\Admin\AppData\Local\Temp\Pvt Hooks\injector.exe"2⤵
- Loads dropped DLL
PID:2276
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.7MB
MD586d9b8b15b0340d6ec235e980c05c3be
SHA1a03bdd45215a0381dcb3b22408dbc1f564661c73
SHA25612dbbcd67015d6cdb680752184107b7deb84e906b0e8e860385f85d33858a5f6
SHA512d360cc3f00d90fd04cbba09d879e2826968df0c1fdc44890c60b8450fe028c3e767450c3543c62d4f284fb7e004a9a33c52538c2279221ee6cbdb1a9485f88b2