Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-04-2024 22:17

General

  • Target

    d28619a6e55e38280dbf4d63a1e869439cef6d2992f490b61d34c4bdbb66f4da.exe

  • Size

    76KB

  • MD5

    6d2a38f47d2efe8b4e4383ff2c36ee74

  • SHA1

    356b5a63943cb9a26136fa5b8994007331366541

  • SHA256

    d28619a6e55e38280dbf4d63a1e869439cef6d2992f490b61d34c4bdbb66f4da

  • SHA512

    b10e2df596ac405a5d3a3c07534f63c31fb9debbdf75c7533b9ea1fce47089c861faad535ea9fa6654b3245391c8341835e28306acee290ce0416619af6f71aa

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOqDr:GhfxHNIreQm+HiZDr

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d28619a6e55e38280dbf4d63a1e869439cef6d2992f490b61d34c4bdbb66f4da.exe
    "C:\Users\Admin\AppData\Local\Temp\d28619a6e55e38280dbf4d63a1e869439cef6d2992f490b61d34c4bdbb66f4da.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2352

Network

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence
    • Event Triggered Execution (T1546): 1
      • Change Default File Association (T1546.001): 1
  • Privilege Escalation
    • Event Triggered Execution (T1546): 1
      • Change Default File Association (T1546.001): 1
  • Defense Evasion
    • Modify Registry (T1112): 1


Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    77KB

    MD5

    a8e8ef162f755230203863e42826313c

    SHA1

    0321a20771cae640d70ae020a5131fcea90c92c2

    SHA256

    df24886275ad573102a124796ea3f5702b6f4cc69b9c1ce77443d772aa40a455

    SHA512

    f9d9cb54aac78be8c37c915bee1713685a031d8d1f53cc342c028003d272d568541213f187f997234fdacb8bb36b2614de58628c87929858f2ae2307a85cddfa

  • \Windows\system\rundll32.exe
    Filesize

    80KB

    MD5

    5901283511c0a4d9830781ff719af96f

    SHA1

    1927655ca2add22fe8b80013df5c606c6f7e81fd

    SHA256

    7fc2e8381f572907b5b04da779f8a1744ae4f0ec24a8f276cb2659a81ad89fac

    SHA512

    1f2050c2f4cbc9339c14f5ef0221b9141ddca048474ba2ce651ff5f57aebd2812a92b49dc18a2141a335fe2d97bdbe57b0c5f28ba0dd6535a4c7e19e897f17c4

  • memory/2352-20-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize

    86KB

  • memory/2932-0-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize

    86KB

  • memory/2932-12-0x00000000003E0000-0x00000000003F6000-memory.dmp
    Filesize

    88KB

  • memory/2932-19-0x00000000003E0000-0x00000000003F6000-memory.dmp
    Filesize

    88KB

  • memory/2932-22-0x00000000003E0000-0x00000000003E2000-memory.dmp
    Filesize

    8KB

  • memory/2932-21-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize

    86KB
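Two details in the process tree and the Downloads list above are worth turning into a repeatable check: the dropped rundll32.exe runs from C:\Windows\system, which is not one of the directories a genuine rundll32.exe lives in (System32 or SysWOW64), and the second dropped file uses a non-ASCII look-alike of notepad.exe inside SysWOW64. The "Modifies system executable filetype association" signature (T1546.001) typically means the default value of HKCR\exefile\shell\open\command no longer reads "%1" %*. The script below is an added triage example written for this page; it is not part of the sandbox report or of any tool it describes. The paths it checks are the ones listed above; the hijacked association value it feeds in is hypothetical and is only there to show what a rewritten command looks like.

```python
"""Triage checks for the indicators in this report: a rundll32.exe launched
from C:\\Windows\\system, a notepad look-alike written to SysWOW64, and the
exefile association signature (T1546.001). Added example, not report content."""
import re
from pathlib import PureWindowsPath

# Directories holding the genuine copies of these binaries (drive letter
# stripped, because sandbox listings sometimes omit it, as above).
SYSTEM_DIRS = {r"\windows\system32", r"\windows\syswow64"}
# Binary names this sample imitates, taken from the Downloads list above.
IMITATED_BINARIES = {"rundll32.exe", "notepad.exe"}
# Stock value of HKCR\exefile\shell\open\command; any other value routes
# every .exe launch through an attacker-chosen program first.
DEFAULT_EXEFILE_COMMAND = '"%1" %*'
_LAUNCHER_RE = re.compile(r'^\s*"?(?P<launcher>[^"]+?)"?\s+"%1"\s*%\*\s*$')
_DRIVE_RE = re.compile(r"^[a-z]:")


def ascii_skeleton(name: str) -> str:
    """Drop non-ASCII code points so a look-alike name collapses onto its target."""
    return "".join(ch for ch in name if ch.isascii())


def flag_path(path: str):
    """Return a reason code when a path looks like executable masquerading, else None."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    skeleton = ascii_skeleton(name)
    if name != skeleton and skeleton in IMITATED_BINARIES:
        return "lookalike-name"      # e.g. notepad<non-ASCII>.exe imitating notepad.exe
    parent = _DRIVE_RE.sub("", str(p.parent).lower())
    if name in IMITATED_BINARIES and parent not in SYSTEM_DIRS:
        return "wrong-directory"     # e.g. C:\Windows\system\rundll32.exe
    return None


def association_launcher(command: str):
    """Return the program prepended to the exefile open command, or None if stock."""
    if command.strip() == DEFAULT_EXEFILE_COMMAND:
        return None
    m = _LAUNCHER_RE.match(command)
    # Unparseable values are still reported, as the whole command.
    return m.group("launcher") if m else command.strip()


def triage(paths, exefile_command):
    """Combine both checks into one list of (item, reason) findings."""
    findings = []
    for path in paths:
        reason = flag_path(path)
        if reason:
            findings.append((path, reason))
    launcher = association_launcher(exefile_command)
    if launcher:
        findings.append((launcher, "exefile-association-hijack"))
    return findings


if __name__ == "__main__":
    # Constructed sample: the dropped paths from the report, one clean control
    # path, and a hypothetical hijacked association pointing at the dropped rundll32.exe.
    sample_paths = [
        "C:\\Windows\\SysWOW64\\notepad\u00a2\u00ac.exe",
        r"\Windows\system\rundll32.exe",
        r"C:\Windows\System32\rundll32.exe",
    ]
    sample_command = r'"C:\Windows\system\rundll32.exe" "%1" %*'
    for item, reason in triage(sample_paths, sample_command):
        print(f"{reason:28} {item}")
```

On a live host the registry value would be read from HKCR\exefile\shell\open\command and the path list from a file-creation log or the sandbox's own dropped-file list; the checks are pure functions so they can be run over either without change.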