Overview

overview

10

Static

static

3

123.zip

windows7-x64

5

123.zip

windows10-2004-x64

10

Analysis

  • max time kernel
    129s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    23-06-2024 22:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    123.zip

  • Size

    15.3MB

  • MD5

    864073b3502b7b3423a544fc63d32972

  • SHA1

    c42102d9cb1754a89b95a127c87e17202ef182d2

  • SHA256

    093829978db365038f91117ce5aba04049878cf82a3944dccc26f88fd74b0db3

  • SHA512

    1263b298a7bb5118c9e40468fa58041af0ff525b4a4d964d56ff55b7ccfa87081e9c841a265f112bad4ae62c39c0904f28f4694019405a333ee8cd2938c0de60

  • SSDEEP

    393216:aQwY0Zxl07AUHpimgYhuzKKlKieq1qVmIdez9tmLxigpnAN:xNOD079pUY8zr0dmMUhgpn4

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\123.zip
    1⤵
      PID:2056
    • C:\Windows\system32\verclsid.exe
      "C:\Windows\system32\verclsid.exe" /S /C {0B2C9183-C9FA-4C53-AE21-C900B0C39965} /I {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} /X 0x401
      1⤵
        PID:1984
      • C:\Users\Admin\Desktop\123\Setup.exe
        "C:\Users\Admin\Desktop\123\Setup.exe"
        1⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2668
        • C:\Windows\SysWOW64\more.com
          C:\Windows\SysWOW64\more.com
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of WriteProcessMemory
          PID:2820
          • C:\Windows\SysWOW64\SearchIndexer.exe
            C:\Windows\SysWOW64\SearchIndexer.exe
            3⤵
              PID:752

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\8f68a967
          Filesize

          1011KB

          MD5

          94b9e095a53ec74c9a9ea37f57cf90b6

          SHA1

          e867771dd5fd4127a8a13784e9985a69892d8740

          SHA256

          1214a07b71a1438cd2d27d50589688cbb1cc9a2488dd172f3d474fdbbedba656

          SHA512

          14180e09c55dffbcb6fabb7f26b8c8cf406a4ee7c3f3ea0367a99806f9dbdc7584df5bb13f2741fcfdb9d198a4dfb532199d3b728c4975cf48aea579b575355a

          Download Submit
        • memory/752-12-0x00000000773A0000-0x0000000077549000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/752-13-0x0000000000400000-0x0000000000458000-memory.dmp
          Filesize

          352KB

          Download
        • memory/752-14-0x0000000000400000-0x0000000000458000-memory.dmp
          Filesize

          352KB

          Download
        • memory/2668-0-0x0000000000400000-0x000000000099A000-memory.dmp
          Filesize

          5.6MB

          Download
        • memory/2668-1-0x00000000773A0000-0x0000000077549000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/2668-5-0x0000000000400000-0x000000000099A000-memory.dmp
          Filesize

          5.6MB

          Download
        • memory/2820-9-0x00000000773A0000-0x0000000077549000-memory.dmp
          Filesize

          1.7MB

          Download
        • memory/2820-10-0x00000000740C0000-0x0000000074234000-memory.dmp
          Filesize

          1.5MB

          Download