Analysis

  • max time kernel
    109s
  • max time network
    108s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    05-05-2021 02:51

General

  • Target

    7e3293e07c706d9d02e34682537a566dd5aed3464fd186af6eefd7a73b8e8438.exe

  • Size

    3.8MB

  • MD5

    aaefc0480def364bddc8b77efd1e9298

  • SHA1

    985c945b1959453084e4f5e8eedf1cce03cd6b43

  • SHA256

    7e3293e07c706d9d02e34682537a566dd5aed3464fd186af6eefd7a73b8e8438

  • SHA512

    197d81e5a47e845048bbb7a358fa7842df85542dddba82266bd91448aebb196a32081537c47885311c3f30b00b2028ae812b2e1c878a040ac65e654fa8bcee88

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 25 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7e3293e07c706d9d02e34682537a566dd5aed3464fd186af6eefd7a73b8e8438.exe
    "C:\Users\Admin\AppData\Local\Temp\7e3293e07c706d9d02e34682537a566dd5aed3464fd186af6eefd7a73b8e8438.exe"
    1⤵
    • Drops file in Drivers directory
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1048

Network

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1048-59-0x0000000075721000-0x0000000075723000-memory.dmp
    Filesize

    8KB